Bernd Brot | 15.09.2014 10:07 | Win7: Rce.Gen3 found and quarantined. How to proceed
Hello,
Yesterday Antivir reported that Rce.Gen3 had been moved to quarantine.
How do I proceed from here?
I have heard that simply deleting it can, under certain circumstances, be unhealthy.
Is there also a way to find out where I picked it up?
Oh, and I am a freelance photographer; does that also fall under the exclusion for commercial users?
Hoping very much that it does not, I am posting the log files here:
Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:18 on 15/09/2014 (EMQI Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by EMQI (ATTENTION: The logged in user is not administrator) on EMQI-PC on 15-09-2014 09:22:18
Running from C:\Users\EMQI\Desktop\Trojaner Board
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-03] (APN)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1815360027-1045131646-433386647-1000\...\MountPoints2: {330fb04a-b8e3-11e3-bf6c-806e6f6e6963} - D:\start.exe
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\EMQI\AppData\Roaming\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-03] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [82800 2013-07-02] (X-Rite Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2013-07-10] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2013-07-10] (Nicomsoft Ltd.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-15 09:22 - 2014-09-15 09:22 - 00000000 ____D () C:\FRST
2014-09-15 09:10 - 2014-09-15 09:22 - 00000000 ____D () C:\Users\EMQI\Desktop\Trojaner Board
2014-09-13 10:36 - 2014-09-13 10:36 - 00032108 _____ () C:\Users\EMQI\AppData\Local\recently-used.xbel
2014-09-13 00:08 - 2014-09-13 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 09:34 - 2014-09-12 09:34 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 00:49 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 00:49 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 00:49 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 00:49 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 00:49 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 00:49 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 00:49 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 00:49 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 00:49 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 00:49 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 00:49 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 00:49 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 00:49 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 00:49 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 00:49 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 00:49 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 00:49 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 00:49 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 00:49 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 00:49 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 00:49 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 00:49 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 00:49 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 00:49 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 00:49 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 00:49 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 00:49 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 00:49 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 00:49 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 00:49 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 00:49 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 00:49 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 00:49 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 00:49 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 00:49 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 00:49 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 00:49 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 00:49 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 00:49 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 00:49 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 00:49 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 00:49 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 00:49 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 00:49 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 00:49 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 00:49 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 00:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 00:48 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 00:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 00:48 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 00:48 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 00:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 00:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 00:48 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 00:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 00:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 00:44 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 00:44 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 19:59 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 19:59 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 19:59 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:59 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 19:59 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 19:59 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:59 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 19:59 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 19:59 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 19:59 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:59 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 13:52 - 2014-09-08 14:01 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-08 13:52 - 2014-09-08 13:52 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-09-08 13:36 - 2014-09-08 13:36 - 00000000 ___RD () C:\Users\EMQI\Creative Cloud Files
2014-09-08 13:31 - 2014-09-08 13:31 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-09-08 13:31 - 2014-09-08 13:31 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-09-08 13:26 - 2014-09-08 13:27 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\EMQI\Downloads\CreativeCloudSet-Up.exe
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 17:45 - 2014-08-29 17:45 - 00000000 ____D () C:\Users\EMQI\Desktop\Adobe Creative Cloud Fotografie (Photoshop CC + Lightroom) - 1 Jahreslizenz (PC Download)
2014-08-29 17:26 - 2014-08-29 17:27 - 01038704 _____ (Amazon Services LLC) C:\Users\EMQI\Downloads\Adobe_Creative_Cloud_Fotografie_Photoshop_CC_Lightroom_1_Jahreslizenz_Downloader.exe
2014-08-28 07:23 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:23 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:23 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00001942 _____ () C:\Users\Public\Desktop\Joe.lnk
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Tools&More
2014-08-20 21:05 - 2014-08-20 21:05 - 01101648 _____ () C:\Users\EMQI\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe
2014-08-19 12:56 - 2014-08-28 22:16 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\FileZilla
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 12:54 - 2014-09-15 09:18 - 00000000 ____D () C:\Users\EMQI Admin
2014-08-19 12:53 - 2014-08-19 12:53 - 06052529 _____ (Tim Kosse) C:\Users\EMQI\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer
2014-08-18 07:33 - 2014-09-15 08:34 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-15 09:22 - 2014-09-15 09:22 - 00000000 ____D () C:\FRST
2014-09-15 09:22 - 2014-09-15 09:10 - 00000000 ____D () C:\Users\EMQI\Desktop\Trojaner Board
2014-09-15 09:18 - 2014-08-19 12:54 - 00000000 ____D () C:\Users\EMQI Admin
2014-09-15 08:35 - 2013-10-29 16:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 08:35 - 2013-10-29 16:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 08:34 - 2014-08-18 07:33 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Adobe
2014-09-15 08:34 - 2013-11-13 10:43 - 00001406 ____H () C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job
2014-09-15 08:32 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:32 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:29 - 2013-10-28 19:02 - 02000409 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 08:29 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 08:29 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 08:29 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 08:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 08:24 - 2009-07-14 06:51 - 00084068 _____ () C:\Windows\setupact.log
2014-09-13 11:54 - 2013-10-29 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 10:39 - 2013-10-29 18:12 - 00000000 ____D () C:\Users\EMQI\.gimp-2.8
2014-09-13 10:39 - 2013-10-28 19:04 - 00000000 ____D () C:\Users\EMQI
2014-09-13 10:36 - 2014-09-13 10:36 - 00032108 _____ () C:\Users\EMQI\AppData\Local\recently-used.xbel
2014-09-13 08:44 - 2013-10-30 16:39 - 00000000 ____D () C:\Users\EMQI\AppData\Local\gtk-2.0
2014-09-13 08:00 - 2013-11-13 10:43 - 00000388 _____ () C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2014-09-13 00:08 - 2014-09-13 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 09:34 - 2014-09-12 09:34 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-12 09:34 - 2013-12-04 21:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-12 09:34 - 2013-10-29 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 09:34 - 2013-10-29 15:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 00:48 - 2013-12-04 21:31 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 00:48 - 2013-10-30 15:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 00:47 - 2013-10-29 16:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 00:44 - 2014-05-06 11:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 00:44 - 2013-10-29 16:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 14:01 - 2014-09-08 13:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-08 14:01 - 2013-10-28 20:07 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\Adobe
2014-09-08 13:59 - 2013-10-28 20:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-08 13:57 - 2013-10-30 13:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-08 13:57 - 2013-10-28 20:08 - 00000000 ____D () C:\Program Files\Adobe
2014-09-08 13:52 - 2014-09-08 13:52 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-09-08 13:52 - 2013-10-28 20:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-08 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-08 13:36 - 2014-09-08 13:36 - 00000000 ___RD () C:\Users\EMQI\Creative Cloud Files
2014-09-08 13:31 - 2014-09-08 13:31 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-09-08 13:31 - 2014-09-08 13:31 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-09-08 13:27 - 2014-09-08 13:26 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\EMQI\Downloads\CreativeCloudSet-Up.exe
2014-09-05 04:10 - 2014-09-10 19:59 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 19:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 16:24 - 2013-10-29 15:48 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\Mozilla
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 17:45 - 2014-08-29 17:45 - 00000000 ____D () C:\Users\EMQI\Desktop\Adobe Creative Cloud Fotografie (Photoshop CC + Lightroom) - 1 Jahreslizenz (PC Download)
2014-08-29 17:27 - 2014-08-29 17:26 - 01038704 _____ (Amazon Services LLC) C:\Users\EMQI\Downloads\Adobe_Creative_Cloud_Fotografie_Photoshop_CC_Lightroom_1_Jahreslizenz_Downloader.exe
2014-08-29 08:21 - 2009-07-14 06:45 - 00338904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:16 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\FileZilla
2014-08-23 04:07 - 2014-08-28 07:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:23 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:23 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00001942 _____ () C:\Users\Public\Desktop\Joe.lnk
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Tools&More
2014-08-20 21:05 - 2014-08-20 21:05 - 01101648 _____ () C:\Users\EMQI\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe
2014-08-19 20:05 - 2014-09-11 00:49 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 00:49 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 12:53 - 2014-08-19 12:53 - 06052529 _____ (Tim Kosse) C:\Users\EMQI\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-19 01:01 - 2014-09-11 00:49 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 00:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 00:48 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 00:49 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 00:48 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 00:49 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 00:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 00:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 00:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-11 00:48 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-11 00:49 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 00:49 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 00:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 00:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 00:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 00:49 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 00:49 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 00:49 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 00:49 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 00:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 00:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 00:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 00:49 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 00:49 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 00:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 00:49 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 00:49 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 00:49 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 00:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:23 - 2014-09-11 00:48 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:22 - 2014-09-11 00:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 00:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 00:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 00:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 00:48 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 00:49 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:15 - 2014-09-11 00:48 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:09 - 2014-09-11 00:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 00:48 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 00:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 00:48 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 00:48 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 00:49 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:38 - 2014-09-11 00:48 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:37 - 2013-10-29 15:35 - 00000000 ____D () C:\ProgramData\Avira
2014-08-18 22:36 - 2014-09-11 00:49 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer
2014-08-18 14:40 - 2014-05-16 22:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
Files to move or delete:
====================
C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job
Some content of TEMP:
====================
C:\Users\EMQI\AppData\Local\Temp\avgnt.exe
C:\Users\EMQI\AppData\Local\Temp\ose00000.exe
C:\Users\EMQI\AppData\Local\Temp\res1.tmp.exe
C:\Users\EMQI\AppData\Local\Temp\twi1.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by EMQI at 2014-09-15 09:22:39
Running from C:\Users\EMQI\Desktop\Trojaner Board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1002}) (Version: 12.16.2.2040 - APN, LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
GIMP Extensions 2.8.20131021 (HKLM\...\GIMP Extensions) (Version: 2.8.20131021 - Pedro Cunha)
i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.5.0 - X-Rite)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20051 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10300 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
The Photographer's Ephemeris (HKLM-x32\...\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1) (Version: 1.1.1 - UNKNOWN)
The Photographer's Ephemeris (x32 Version: 1.1.1 - UNKNOWN) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
XRD i1d3 (x32 Version: 1.0.135 - X-Rite) Hidden
X-Rite Device Services Manager (HKLM-x32\...\{DD8046B0-2077-4899-AFCD-A0D034E183D4}) (Version: 2.3.75 - X-Rite)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => ?
Task: C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job => ?
==================== Loaded Modules (whitelisted) =============
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-29 20:25 - 2012-12-11 14:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-10-08 10:34 - 2013-10-08 10:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^i1Profiler Tray.lnk => C:\Windows\pss\i1Profiler Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^XRGamma.lnk => C:\Windows\pss\XRGamma.lnk.CommonStartup
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/15/2014 08:26:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 09:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 04:16:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (09/14/2014 00:24:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x474
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (09/14/2014 08:02:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 07:16:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (09/13/2014 06:02:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 01:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 11:56:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/09/2014 06:44:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.09.2014 um 16:22:18 unerwartet heruntergefahren.
Error: (09/07/2014 06:26:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk10\DR12 gefunden.
Error: (09/07/2014 06:26:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk10\DR12 gefunden.
Error: (09/07/2014 05:07:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (09/06/2014 11:16:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (09/01/2014 11:27:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (08/30/2014 03:08:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (08/30/2014 03:08:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (08/30/2014 03:08:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (08/30/2014 03:08:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/15/2014 08:26:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 09:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 04:16:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
Error: (09/14/2014 00:24:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.1.5367541259ddmozalloc.dll32.0.1.5367541225d2800000030000141b47401cfcfe28ff98114C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9ca9bed1-3bda-11e4-81b5-8c89a5599717
Error: (09/14/2014 08:02:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 07:16:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
Error: (09/13/2014 06:02:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 01:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 11:56:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 15845.4 MB
Available physical RAM: 13161.66 MB
Total Pagefile: 31688.98 MB
Available Pagefile: 28898.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:29.26 GB) NTFS
Drive d: (Video-Training) (CDROM) (Total:3.69 GB) (Free:0 GB) CDFS
Drive i: (Volume) (Fixed) (Total:1863.01 GB) (Free:141.76 GB) NTFS
Drive m: (NIKON D700) (Removable) (Total:7.45 GB) (Free:4.77 GB) FAT32
Drive o: () (Removable) (Total:14.72 GB) (Free:12.3 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-15 10:36:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 KINGSTON_SV300S37A120G rev.505ABBF1 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\EMQIAD~1\AppData\Local\Temp\kxldapod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3296] entry point in ".rdata" section 000000005b6e71e6
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77]
.text ... * 2
---- EOF - GMER 2.1 ----
Malwarebytes Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.09.2014
Suchlauf-Zeit: 10:20:11
Logdatei: Malwarebytes logfile.txt
Administrator: Nein
Version: 2.00.2.1012
Malware Datenbank: v2014.09.15.04
Rootkit Datenbank: v2014.09.13.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: EMQI
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 245511
Verstrichene Zeit: 5 Min, 38 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
Antivir Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 14. September 2014 23:14
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : EMQI-PC
Versionsinformationen:
BUILD.DAT : 14.0.6.570 92022 Bytes 15.08.2014 10:30:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 30.07.2014 11:17:44
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 30.07.2014 11:17:45
LUKE.DLL : 14.0.6.522 57936 Bytes 30.07.2014 11:18:51
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 30.07.2014 11:17:45
AVREG.DLL : 14.0.6.522 262224 Bytes 30.07.2014 11:17:36
avlode.dll : 14.0.6.526 603728 Bytes 30.07.2014 11:17:34
avlode.rdf : 14.0.4.46 64835 Bytes 08.09.2014 11:36:52
LOCAL001.VDF : 8.11.171.252 110920704 Bytes 14.09.2014 18:05:26
Engineversion : 8.3.24.22
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 13:53:25
AESCRIPT.DLL : 8.2.0.22 436136 Bytes 04.09.2014 10:53:59
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 11:20:52
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 17:02:46
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 13:45:19
AEPACK.DLL : 8.4.0.50 792488 Bytes 07.08.2014 19:03:33
AEOFFICE.DLL : 8.3.0.20 216104 Bytes 14.08.2014 16:35:38
AEHEUR.DLL : 8.1.4.1266 7473064 Bytes 04.09.2014 10:53:59
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 19:33:47
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 12:06:14
AEEXP.DLL : 8.4.2.32 247712 Bytes 02.09.2014 14:13:49
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 19:03:31
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 12:47:16
AECORE.DLL : 8.3.2.6 243712 Bytes 07.08.2014 19:03:30
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 19:03:30
AVWINLL.DLL : 14.0.6.522 24144 Bytes 30.07.2014 11:17:01
AVPREF.DLL : 14.0.6.522 50256 Bytes 30.07.2014 11:17:36
AVREP.DLL : 14.0.6.522 219216 Bytes 30.07.2014 11:17:36
AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 12:19:41
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 30.07.2014 11:17:29
SQLITE3.DLL : 14.0.6.522 452176 Bytes 30.07.2014 11:18:58
AVSMTP.DLL : 14.0.6.522 76368 Bytes 30.07.2014 11:17:45
NETNT.DLL : 14.0.6.522 13392 Bytes 30.07.2014 11:18:51
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 30.07.2014 11:17:01
RCTEXT.DLL : 14.0.6.558 76080 Bytes 28.08.2014 11:23:52
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5415f1c3\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Beginn des Suchlaufs: Sonntag, 14. September 2014 23:14
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'WTabletServiceCon.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Fuel.Service.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hasplms.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'xrdd.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'Creative Cloud.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeIPCBroker.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '259' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebg7.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Lightroom.exe' - '170' Modul(e) wurden durchsucht
Durchsuche Prozess 'CoreSync.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'WacomHost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchUser.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe CEF Helper.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe CEF Helper.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe CEF Helper.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_14_0_0_179.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_14_0_0_179.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\EMQI\AppData\Local\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt\cache2\entries\63E16C3FD28A359DED41CF85FF677B92A77F6C1B'
C:\Users\EMQI\AppData\Local\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt\cache2\entries\63E16C3FD28A359DED41CF85FF677B92A77F6C1B
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Rce.Gen3
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50b1971a.qua' verschoben!
Ende des Suchlaufs: Sonntag, 14. September 2014 23:14
Benötigte Zeit: 00:18 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1148 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1147 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Best regards,
Bernd