Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Plagegeister aller Art und deren Bekämpfung: Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 23.09.2013, 10:35   #1
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Leider muss ich nochmal fragen, ob Ihr mal über meine logdateien schauen könnt.

Problem: Avira meldete den Zip-opener Reinstaller(auf Filepony hatte ich einst diese Anzeige angeklickt, im Glauben, ich würde mir das gewünschte Hilfsprogramm downloaden) und noch eine Adware.

Ich wählte "Entfernen". Kurz danach kam es wieder. Avira startete dann einen Scan, der aber bei 34% hängt und nicht weitergeht.

Als ich FRST starten wollte, meldete Avira, es wolle nun erst mal im Zuge von Clud-Sicherheit überprrüfen, was das denn sei.

Nun die geforderten Log-Dateien:

FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by Win7 (administrator) on WIN7-PC on 23-09-2013 11:08:42
Running from C:\Users\Win7\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\avscan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3743344 2011-08-01] (VIA)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [EPSON BX620FWD Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE /FU "C:\Windows\TEMP\E_S12E4.tmp" /EF "HKCU"
HKCU\...\Run: [Epson Stylus Office BX620FWD(Netzwerk)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE /FU "C:\Windows\TEMP\E_S46B1.tmp" /EF "HKCU"
HKCU\...\Run: [Epson Stylus Office BX620FWD(Netzwerk) (1 kopieren)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE /FU "C:\Windows\TEMP\E_S59F1.tmp" /EF "HKCU"
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
MountPoints2: {38128ffd-decd-11e1-9a70-50e5499b8e6f} - F:\ZTE_Handset_USB_Driver.exe
MountPoints2: {ed07447c-d25f-11e1-9167-50e5499b8e6f} - F:\LaunchU3.exe -a
MountPoints2: {eeb0ab7e-6f5b-11e1-916a-806e6f6e6963} - E:\Run.exe
Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6DBD5EB2A1CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 33 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\90v3nyul.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\90v3nyul.default\Extensions\staged
FF Extension: Flashblock - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\90v3nyul.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: No Name - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\90v3nyul.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-28] (Advanced Micro Devices, Inc.)
R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-07-12] (VIA Technologies, Inc.)
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [462952 2009-07-16] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-15] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-15] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [642560 2010-04-02] (AVerMedia TECHNOLOGIES, Inc.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-08-05] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-05] (Avira Operations GmbH & Co. KG)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
S4 btiaa2dp; C:\Windows\System32\drivers\btiaa2dp.sys [67456 2008-09-16] (iAnywhere Solutions)
S4 BTiAPan; C:\Windows\System32\DRIVERS\btiapan.sys [30720 2008-09-16] (iAnywhere Solutions)
S4 btiarcp; C:\Windows\System32\DRIVERS\btiarcp.sys [9216 2008-07-30] (iAnywhere Solutions)
S4 btiaspp; C:\Windows\System32\DRIVERS\btiaspp.sys [79744 2008-09-16] (iAnywhere Solutions)
S4 BTIAUSB; C:\Windows\System32\DRIVERS\btiausb.sys [23808 2008-11-14] (iAnywhere Solutions)
S4 BTPROT; C:\Windows\System32\DRIVERS\btprot.sys [484096 2008-11-14] (iAnywhere Solutions)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S4 iAnywhere_btAudio; C:\Windows\System32\drivers\btiasco.sys [19712 2008-07-30] (iAnywhere Solutions)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [914816 2010-11-19] (DiBcom SA)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1810032 2011-07-12] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 11:06 - 2013-09-23 11:06 - 01088367 _____ (Farbar) C:\Users\Win7\Desktop\FRST.exe
2013-09-23 11:05 - 2013-09-23 11:05 - 00000470 _____ C:\Users\Win7\Desktop\defogger_disable.log
2013-09-23 11:05 - 2013-09-23 11:05 - 00000000 _____ C:\Users\Win7\defogger_reenable
2013-09-23 11:04 - 2013-09-23 11:04 - 00050477 _____ C:\Users\Win7\Desktop\Defogger.exe
2013-09-23 08:27 - 2013-09-23 10:27 - 98615842 _____ C:\Windows\system32\앴�᭔f
2013-09-19 21:02 - 2013-09-19 21:02 - 98395704 _____ C:\Windows\system32\훐㫥᭔j
2013-09-19 17:03 - 2013-09-19 19:02 - 98395704 _____ C:\Windows\system32\લ㞌᭔f
2013-09-17 12:07 - 2013-09-17 22:07 - 98062984 _____ C:\Windows\system32\竘迤᭔]
2013-09-11 22:57 - 2013-09-11 22:59 - 00000000 ____D C:\Users\Win7\Documents\Fax
2013-09-11 21:51 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 21:51 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 21:51 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 21:51 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 21:51 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 21:51 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 21:51 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 12:52 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 12:52 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 12:52 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 12:52 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 12:52 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 12:52 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 12:52 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 12:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 12:52 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 12:04 - 2013-09-10 12:05 - 00000000 ____D C:\Users\Win7\Documents\Musicnotes
2013-09-10 12:04 - 2013-09-10 12:04 - 00001054 _____ C:\Users\Public\Desktop\Musicnotes Player.lnk
2013-09-10 12:04 - 2013-09-10 12:04 - 00000000 ____D C:\Program Files\Musicnotes
2013-09-10 12:02 - 2013-09-10 12:02 - 02502128 _____ (Musicnotes Inc.                                             ) C:\Users\Win7\Downloads\InstallMusicnotes.exe
2013-09-06 09:02 - 2013-09-06 15:02 - 96334488 _____ C:\Windows\system32\늅᭔b
2013-08-28 13:29 - 2013-08-28 13:29 - 05281306 _____ C:\Users\Win7\Downloads\STRATO-HiDrive-Setup.exe

==================== One Month Modified Files and Folders =======

2013-09-23 11:06 - 2013-09-23 11:06 - 01088367 _____ (Farbar) C:\Users\Win7\Desktop\FRST.exe
2013-09-23 11:05 - 2013-09-23 11:05 - 00000470 _____ C:\Users\Win7\Desktop\defogger_disable.log
2013-09-23 11:05 - 2013-09-23 11:05 - 00000000 _____ C:\Users\Win7\defogger_reenable
2013-09-23 11:05 - 2012-03-16 13:40 - 00000000 ____D C:\Users\Win7
2013-09-23 11:04 - 2013-09-23 11:04 - 00050477 _____ C:\Users\Win7\Desktop\Defogger.exe
2013-09-23 10:27 - 2013-09-23 08:27 - 98615842 _____ C:\Windows\system32\앴�᭔f
2013-09-23 10:11 - 2012-10-09 23:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 09:21 - 2012-08-18 13:18 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-09-23 09:00 - 2012-03-16 13:36 - 01978181 _____ C:\Windows\WindowsUpdate.log
2013-09-23 08:34 - 2009-07-14 06:34 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 08:34 - 2009-07-14 06:34 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 08:31 - 2010-11-20 23:01 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 08:26 - 2012-07-12 11:23 - 00064642 _____ C:\Windows\setupact.log
2013-09-23 08:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 21:02 - 2013-09-19 21:02 - 98395704 _____ C:\Windows\system32\훐㫥᭔j
2013-09-19 19:02 - 2013-09-19 17:03 - 98395704 _____ C:\Windows\system32\લ㞌᭔f
2013-09-17 22:07 - 2013-09-17 12:07 - 98062984 _____ C:\Windows\system32\竘迤᭔]
2013-09-16 23:50 - 2013-08-13 14:28 - 00000000 ____D C:\Users\Win7\AppData\Roaming\vlc
2013-09-12 13:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-11 23:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 22:59 - 2013-09-11 22:57 - 00000000 ____D C:\Users\Win7\Documents\Fax
2013-09-11 22:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-11 22:34 - 2012-03-16 14:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:57 - 2009-07-14 06:33 - 00367920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 21:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 21:49 - 2013-08-15 09:03 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:48 - 2012-03-18 18:58 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 15:11 - 2012-04-08 22:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 15:11 - 2012-03-19 14:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 12:15 - 2012-09-14 20:35 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Musicnotes
2013-09-10 12:05 - 2013-09-10 12:04 - 00000000 ____D C:\Users\Win7\Documents\Musicnotes
2013-09-10 12:04 - 2013-09-10 12:04 - 00001054 _____ C:\Users\Public\Desktop\Musicnotes Player.lnk
2013-09-10 12:04 - 2013-09-10 12:04 - 00000000 ____D C:\Program Files\Musicnotes
2013-09-10 12:02 - 2013-09-10 12:02 - 02502128 _____ (Musicnotes Inc.                                             ) C:\Users\Win7\Downloads\InstallMusicnotes.exe
2013-09-06 15:02 - 2013-09-06 09:02 - 96334488 _____ C:\Windows\system32\늅᭔b
2013-09-04 13:51 - 2012-03-18 16:36 - 00000000 ____D C:\Users\Win7\AppData\Local\Adobe
2013-09-02 15:53 - 2013-08-05 11:18 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 13:29 - 2013-08-28 13:29 - 05281306 _____ C:\Users\Win7\Downloads\STRATO-HiDrive-Setup.exe
2013-08-25 10:25 - 2013-01-10 00:21 - 00000000 ____D C:\Users\Win7\Desktop\Eigenes
2013-08-25 09:01 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 13:49

==================== End Of Log ============================
Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by Win7 at 2013-09-23 11:09:19
Running from C:\Users\Win7\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

Adobe AIR (Version: 3.5.0.1060)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
AMD APP SDK Runtime (Version: 2.5.709.2)
AMD Catalyst Install Manager (Version: 3.0.838.0)
AMD Fuel (Version: 2011.0728.1756.30366)
AMD VISION Engine Control Center (Version: 2011.0728.1756.30366)
Ashampoo Burning Studio 2013 v.11.0.6 (Version: 11.0.6)
Ashampoo Burning Studio 6 FREE v.6.81 (Version: 6.8.1)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.4.4)
AutoUpdate (Version: 1.1)
Avira Internet Security (Version: 13.0.0.4052)
Avira UnErase Personal
Catalyst Control Center InstallProxy (Version: 2011.0728.1756.30366)
Catalyst Control Center Localization All (Version: 2011.0728.1756.30366)
Catalyst Control Center Profiles Mobile (Version: 2011.0728.1756.30366)
CCC Help Chinese Standard (Version: 2011.0728.1755.30366)
CCC Help Chinese Traditional (Version: 2011.0728.1755.30366)
CCC Help Czech (Version: 2011.0728.1755.30366)
CCC Help Danish (Version: 2011.0728.1755.30366)
CCC Help Dutch (Version: 2011.0728.1755.30366)
CCC Help English (Version: 2011.0728.1755.30366)
CCC Help Finnish (Version: 2011.0728.1755.30366)
CCC Help French (Version: 2011.0728.1755.30366)
CCC Help German (Version: 2011.0728.1755.30366)
CCC Help Greek (Version: 2011.0728.1755.30366)
CCC Help Hungarian (Version: 2011.0728.1755.30366)
CCC Help Italian (Version: 2011.0728.1755.30366)
CCC Help Japanese (Version: 2011.0728.1755.30366)
CCC Help Korean (Version: 2011.0728.1755.30366)
CCC Help Norwegian (Version: 2011.0728.1755.30366)
CCC Help Polish (Version: 2011.0728.1755.30366)
CCC Help Portuguese (Version: 2011.0728.1755.30366)
CCC Help Russian (Version: 2011.0728.1755.30366)
CCC Help Spanish (Version: 2011.0728.1755.30366)
CCC Help Swedish (Version: 2011.0728.1755.30366)
CCC Help Thai (Version: 2011.0728.1755.30366)
CCC Help Turkish (Version: 2011.0728.1755.30366)
ccc-utility (Version: 2011.0728.1756.30366)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deutsche Post E-Porto (Version: 2.3.0)
DivX Codec (Version: 6.6.1)
EPSON BX620FWD Series Handbuch
EPSON BX620FWD Series Netzwerk-Handbuch
EPSON BX620FWD Series Printer Uninstall
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print (Version: 2.4i)
EpsonNet Setup 3.3 (Version: 3.3a)
FileZilla Client 3.5.3 (Version: 3.5.3)
GMX SMS-Manager (Version: 2.7.2)
GMX SMS-Manager (Version: 2.7.2.6)
Google Earth (Version: 6.2.2.6613)
KVB-Erstattungsantrag PC 2.62
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (Version: 1.32.2)
MyTomTom 3.2.0.1116 (Version: 3.2.0.1116)
ON_OFF Charge B11.0110.1 (Version: 1.00.0001)
Opera 12.15 (Version: 12.15.1748)
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.6.2)
Platform (Version: 1.36)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0)
Skype™ 6.1 (Version: 6.1.129)
TVCenter (Version: 6.4.1.858)
Ubuntu One (Version: 4.1.91)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VIA Plattform-Geräte-Manager (Version: 1.36)
Video Power (Version: 1.0.24)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VLC media player 2.0.7 (Version: 2.0.7)

==================== Restore Points  =========================

22-08-2013 16:42:54 Geplanter Prüfpunkt
29-08-2013 18:24:34 Geplanter Prüfpunkt
04-09-2013 12:43:30 Windows Update
11-09-2013 19:48:08 Windows Update
11-09-2013 20:30:27 Windows Update
19-09-2013 15:56:38 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {47D71ABE-5EEC-474F-BFF6-F5F2B0C7B45F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {8BCAD73C-3CA6-4075-81CF-92EE883A5AF1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-09 18:36 - 2013-01-09 18:36 - 00533064 _____ (pdfforge GbR) C:\Program Files\PDF Architect\ContextMenuExt.dll
2012-03-16 13:48 - 2011-08-01 05:43 - 00080496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2012-03-16 13:48 - 2011-08-01 05:42 - 00113264 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2012-03-16 13:48 - 2011-08-01 05:43 - 00623216 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2012-03-16 13:48 - 2011-08-01 05:43 - 03151472 ____R (TODO: <Company name>) C:\Program Files\VIA\VIAudioi\VDeck\Skin1.dll
2013-08-17 11:39 - 2013-08-17 11:39 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\NPSWF32.dll
2012-12-21 17:26 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\ATMLIB.dll
2013-08-06 21:49 - 2013-08-06 21:49 - 02244504 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-08-06 21:49 - 2013-08-06 21:49 - 00158104 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-06 21:49 - 2013-08-06 21:49 - 00022424 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-08-06 21:49 - 2013-08-06 21:49 - 00579480 _____ (sqlite.org) C:\Program Files\Mozilla Thunderbird\mozsqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2013 08:28:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 03:59:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 01:10:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 00:16:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 08:16:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 05:03:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 01:13:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 11:15:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 09:15:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 07:17:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/23/2013 08:28:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 03:59:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 01:10:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 00:16:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 08:16:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 05:03:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 01:13:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 11:15:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2013 09:15:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 07:17:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3325.41 MB
Available physical RAM: 1807.27 MB
Total Pagefile: 6649.12 MB
Available Pagefile: 4767.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:192.3 GB) NTFS
Drive d: () (Fixed) (Total:110.81 GB) (Free:109.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 46188D82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=111 GB) - (Type=05)

==================== End Of Log ============================
GMER
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-23 11:25:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000061 WDC_WD50 rev.15.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Win7\AppData\Local\Temp\kxldqpod.sys


---- System - GMER 2.1 ----

SSDT            910C873E                                                                                                            ZwCreateSection
SSDT            910C8716                                                                                                            ZwCreateSymbolicLinkObject
SSDT            910C871B                                                                                                            ZwLoadDriver
SSDT            910C8711                                                                                                            ZwOpenSection
SSDT            910C8748                                                                                                            ZwRequestWaitReplyPort
SSDT            910C8743                                                                                                            ZwSetContextThread
SSDT            910C874D                                                                                                            ZwSetSecurityObject
SSDT            910C8720                                                                                                            ZwSetSystemInformation
SSDT            910C8752                                                                                                            ZwSystemDebugControl
SSDT            910C86DF                                                                                                            ZwTerminateProcess
SSDT            910C86DA                                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                            82C41A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C7B212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                 82C8258C 4 Bytes  [3E, 87, 0C, 91] {XCHG [ECX+EDX*4], ECX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                                 82C82594 4 Bytes  [16, 87, 0C, 91] {PUSH SS; XCHG [ECX+EDX*4], ECX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                 82C826A8 4 Bytes  [1B, 87, 0C, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                 82C82744 4 Bytes  [11, 87, 0C, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                 82C828E8 4 Bytes  CALL 8F4F716F 
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91E3E000, 0x39CB05, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3640] ntdll.dll!LdrGetProcedureAddress + 26                    76FA22A9 7 Bytes  JMP 554FF70F C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3640] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D            75AE941E 7 Bytes  JMP 55FA419C C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3640] kernel32.dll!QueryPerformanceCounter + 13                75AEC425 7 Bytes  JMP 55FA4154 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3640] kernel32.dll!LoadAppInitDlls + 355                       75AEF4E6 7 Bytes  JMP 55501774 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3640] GDI32.dll!GetViewportOrgEx + 26C                         75D9884B 7 Bytes  JMP 55FA41C3 C:\Program Files\Mozilla Thunderbird\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrGetProcedureAddress + 26                            76FA22A9 7 Bytes  JMP 67C3F140 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4044] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                    75AE941E 7 Bytes  JMP 6825FDD2 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4044] kernel32.dll!QueryPerformanceCounter + 13                        75AEC425 7 Bytes  JMP 6825FDF5 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4044] kernel32.dll!LoadAppInitDlls + 355                               75AEF4E6 7 Bytes  JMP 67C42942 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4044] GDI32.dll!GetViewportOrgEx + 26C                                 75D9884B 7 Bytes  JMP 6825FD53 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtAddAtom + 6                                76F8526E 4 Bytes  [28, 05, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtAddAtom + B                                76F85273 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateFile + 6                             76F8560E 4 Bytes  [28, 00, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateFile + B                             76F85613 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateKey + 6                              76F8564E 4 Bytes  [68, 01, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateKey + B                              76F85653 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateMutant + 6                           76F8568E 4 Bytes  [68, 02, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateMutant + B                           76F85693 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateSection + 6                          76F8572E 4 Bytes  [A8, 02, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtCreateSection + B                          76F85733 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtDeleteAtom + 6                             76F8581E 4 Bytes  [A8, 05, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtDeleteAtom + B                             76F85823 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtDeleteValueKey + 6                         76F8588E 1 Byte  [28]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtDeleteValueKey + 6                         76F8588E 4 Bytes  [28, 03, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtDeleteValueKey + B                         76F85893 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtFindAtom + 6                               76F8598E 4 Bytes  [68, 05, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtFindAtom + B                               76F85993 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtMapViewOfSection + 6                       76F85C6E 4 Bytes  [28, 06, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtMapViewOfSection + B                       76F85C73 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenFile + 6                               76F85D1E 4 Bytes  [68, 00, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenFile + B                               76F85D23 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenKey + 6                                76F85D4E 4 Bytes  [A8, 01, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenKey + B                                76F85D53 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenKeyEx + 6                              76F85D5E 4 Bytes  CALL 75F95564 C:\Windows\system32\MSCTF.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenKeyEx + B                              76F85D63 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenMutant + 6                             76F85D9E 4 Bytes  [28, 02, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenMutant + B                             76F85DA3 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcess + 6                            76F85DCE 1 Byte  [A8]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcess + 6                            76F85DCE 4 Bytes  [A8, 03, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcess + B                            76F85DD3 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcessToken + 6                       76F85DDE 1 Byte  [E8]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcessToken + 6                       76F85DDE 4 Bytes  CALL 75F955E6 C:\Windows\system32\MSCTF.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcessToken + B                       76F85DE3 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcessTokenEx + 6                     76F85DEE 4 Bytes  [A8, 04, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenProcessTokenEx + B                     76F85DF3 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenSection + 6                            76F85E0E 4 Bytes  CALL 75F95615 C:\Windows\system32\MSCTF.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenSection + B                            76F85E13 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThread + 6                             76F85E4E 1 Byte  [68]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThread + 6                             76F85E4E 4 Bytes  [68, 03, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThread + B                             76F85E53 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThreadToken + 6                        76F85E5E 4 Bytes  [68, 04, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThreadToken + B                        76F85E63 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThreadTokenEx + 6                      76F85E6E 4 Bytes  CALL 75F95677 C:\Windows\system32\MSCTF.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtOpenThreadTokenEx + B                      76F85E73 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtQueryAttributesFile + 6                    76F85F7E 4 Bytes  [A8, 00, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtQueryAttributesFile + B                    76F85F83 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtQueryFullAttributesFile + 6                76F8602E 4 Bytes  CALL 75F95833 C:\Windows\system32\MSCTF.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtQueryFullAttributesFile + B                76F86033 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtQueryInformationAtom + 6                   76F8603E 4 Bytes  CALL 75F95848 C:\Windows\system32\MSCTF.dll
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtQueryInformationAtom + B                   76F86043 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtSetInformationFile + 6                     76F8667E 4 Bytes  [28, 01, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtSetInformationFile + B                     76F86683 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtSetInformationThread + 6                   76F866DE 4 Bytes  [28, 04, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtSetInformationThread + B                   76F866E3 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtUnmapViewOfSection + 6                     76F869FE 4 Bytes  [68, 06, F8, 00]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ntdll.dll!NtUnmapViewOfSection + B                     76F86A03 1 Byte  [E2]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] kernel32.dll!CreateProcessW                            75AA204D 5 Bytes  JMP 00F90030 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] kernel32.dll!CreateProcessA                            75AA2082 5 Bytes  JMP 00F90070 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!ActivateKeyboardLayout                      75E98203 5 Bytes  JMP 011303F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!EmptyClipboard                              75EB290C 5 Bytes  JMP 01130130 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!SetClipboardData                            75EB2962 5 Bytes  JMP 01130170 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetClipboardData                            75EB2BA7 5 Bytes  JMP 01130030 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetClipboardFormatNameW                     75EB5FD2 5 Bytes  JMP 01130230 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetClipboardFormatNameA                     75EB700A 5 Bytes  JMP 01130270 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!CloseClipboard                              75EC446C 5 Bytes  JMP 011300B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!OpenClipboard                               75EC447E 5 Bytes  JMP 01130070 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!IsClipboardFormatAvailable                  75EC44FF 5 Bytes  JMP 011300F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetClipboardSequenceNumber                  75EC4513 5 Bytes  JMP 011302B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetClipboardOwner                           75EC4525 5 Bytes  JMP 011302F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!CountClipboardFormats                       75EC470A 5 Bytes  JMP 011301F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!EnumClipboardFormats                        75EC47EC 5 Bytes  JMP 011301B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetOpenClipboardWindow                      75EC480B 5 Bytes  JMP 01130370 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetClipboardViewer                          75EF4AF7 5 Bytes  JMP 011303B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] USER32.dll!GetPriorityClipboardFormat                  75EF4BF9 5 Bytes  JMP 01130330 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!DeleteObject                                 75D95F14 5 Bytes  JMP 011401B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SelectObject                                 75D96640 5 Bytes  JMP 011405B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetTextColor                                 75D96906 5 Bytes  JMP 01140970 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetBkMode                                    75D969B1 5 Bytes  JMP 01140830 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!DeleteDC                                     75D96EAA 5 Bytes  JMP 01140170 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetDeviceCaps                                75D96F7F 5 Bytes  JMP 01140370 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!ExtSelectClipRgn                             75D97114 5 Bytes  JMP 011402F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SelectClipRgn                                75D97242 5 Bytes  JMP 01140570 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetStretchBltMode                            75D97705 5 Bytes  JMP 011405F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetTextMetricsW                              75D97B8F 5 Bytes  JMP 01140D30 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!IntersectClipRect                            75D97DFE 5 Bytes  JMP 011403B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!ExtTextOutW                                  75D98192 5 Bytes  JMP 011408B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetTextAlign                                 75D9828E 5 Bytes  JMP 01140930 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetClipBox                                   75D98525 5 Bytes  JMP 01140330 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!MoveToEx                                     75D98C21 5 Bytes  JMP 01140430 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!StretchDIBits                                75D9A53E 5 Bytes  JMP 011406B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!RestoreDC                                    75D9A67B 5 Bytes  JMP 011404F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SaveDC                                       75D9A74B 5 Bytes  JMP 01140530 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetTextFaceW                                 75D9B73A 2 Bytes  JMP 01140C70 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetTextFaceW + 3                             75D9B73D 2 Bytes  [3A, 8B]
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetFontData                                  75D9BCC4 5 Bytes  JMP 01140BB0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetWorldTransform                            75D9C90A 5 Bytes  JMP 01140630 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!CreateDCA                                    75D9CCA9 5 Bytes  JMP 011400B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!CreateDCW                                    75D9CF79 5 Bytes  JMP 011400F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!CreateICW                                    75D9CFD0 5 Bytes  JMP 01140130 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetTextMetricsA                              75D9D0F2 5 Bytes  JMP 01140CF0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!Rectangle                                    75D9F1FF 5 Bytes  JMP 011408F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!LineTo                                       75D9F59B 5 Bytes  JMP 011403F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetICMMode                                   75D9FAA4 5 Bytes  JMP 01140CB0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!ExtTextOutA                                  75DA03F9 5 Bytes  JMP 01140870 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!ExtEscape                                    75DA2949 5 Bytes  JMP 011402B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!Escape                                       75DA3939 5 Bytes  JMP 01140270 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetTextFaceA                                 75DA3E6A 5 Bytes  JMP 01140C30 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetPolyFillMode                              75DAD851 5 Bytes  JMP 01140A70 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SetMiterLimit                                75DADA0D 5 Bytes  JMP 01140AB0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!EndPage                                      75DB00D7 5 Bytes  JMP 01140230 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!ResetDCW                                     75DB050D 5 Bytes  JMP 011409F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!GetGlyphOutlineW                             75DBC1BA 5 Bytes  JMP 01140BF0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!CreateScalableFontResourceW                  75DBE817 5 Bytes  JMP 01140AF0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!AddFontResourceW                             75DBEC13 5 Bytes  JMP 01140B30 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!RemoveFontResourceW                          75DBF109 5 Bytes  JMP 01140B70 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!AbortDoc                                     75DC4C63 5 Bytes  JMP 01140030 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!EndDoc                                       75DC50AA 5 Bytes  JMP 011401F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!StartPage                                    75DC5195 5 Bytes  JMP 01140670 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!StartDocW                                    75DC5BB0 5 Bytes  JMP 01140730 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!BeginPath                                    75DC635D 5 Bytes  JMP 01140770 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!SelectClipPath                               75DC63B4 5 Bytes  JMP 01140A30 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!CloseFigure                                  75DC640F 5 Bytes  JMP 01140070 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!EndPath                                      75DC6466 5 Bytes  JMP 011409B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!StrokePath                                   75DC6699 5 Bytes  JMP 011406F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!FillPath                                     75DC6726 5 Bytes  JMP 011407B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!PolylineTo                                   75DC6B94 5 Bytes  JMP 011404B0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!PolyBezierTo                                 75DC6C25 5 Bytes  JMP 01140470 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] GDI32.dll!PolyDraw                                     75DC6CD7 5 Bytes  JMP 011407F0 
.text           C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe[5312] ole32.dll!OleSetClipboard                              75540045 5 Bytes  JMP 01260030 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             avfwot.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                             avfwot.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                           avfwot.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0x50 0x93 0xE5 0xAB ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x37 0xA4 0xAA 0xC3 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
An sich funktioniert der Computer. Nur wenn ich an eine Email etwas dranhängen will, kommt die Avira Meldung. Scan hängt immer noch.

Würde mich freuen, wenn jemand mal schauen könnte.

 

Themen zu Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf
adobe, antivir, avira, browser, converter, email, entfernen, excel, farbar, farbar recovery scan tool, firefox, flash player, frage, home, hängen, hängt, mozilla, netzwerk, ntdll.dll, ntopenkeyex, registry, scan, services.exe, starten, svchost.exe, system, udp, usb, windows


« Fehlermeldung:regedit.exe ist keine zulässige WIN32-Anwendung | Windows XP nach Rootkit und Fremdzugriff noch Infiziert? »


Ähnliche Themen: Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


  1. PC hängt sich auf, Probleme beim Booten, Avira beeinträchtigt
    Log-Analyse und Auswertung - 19.08.2015 (11)
  2. Avira findet beim Scan 65 Infektionen mit PUA/Linkury.Gen2
    Log-Analyse und Auswertung - 17.06.2015 (24)
  3. Windows 7: Avira lässt sich nach GMER-Scan nicht mehr aktivieren
    Antiviren-, Firewall- und andere Schutzprogramme - 08.03.2015 (4)
  4. Avira findet seit Tagen db29.exe, In Quarantäne verschieben funktioniert nicht, Programm lässt sich nicht löschen
    Log-Analyse und Auswertung - 20.02.2015 (12)
  5. Laptop kommt beim hochfahren nur bis zum Windowssymbol und hängt sich dann auf
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (3)
  6. avira findet versteckte objekte, bei neustart und erneutem scan gehen diese nicht weg
    Log-Analyse und Auswertung - 30.06.2014 (6)
  7. Avira findet Schadsoftware "SystemkService.exe", die aber nicht korrekt entfernt wird
    Log-Analyse und Auswertung - 05.06.2014 (7)
  8. Avira reinstall bricht beim Entpacken ab, Sicherheitsdienst läuft nicht, MBAM findet viel
    Log-Analyse und Auswertung - 19.01.2014 (9)
  9. Avira Scan findet Tr/Bublik.B.183
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (14)
  10. Avira findet erst JS.Expack.EM und dann Spy.Zbot
    Log-Analyse und Auswertung - 11.03.2013 (24)
  11. Mbam findet PUP.InstallBrain, PC hängt und Incredibar lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (10)
  12. GVU-Virus entfernt dann Maleware scan
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (1)
  13. USB-Stick kann nicht formatiert werden, alles hängt sich dann auf!
    Netzwerk und Hardware - 12.06.2012 (7)
  14. Kasperky meldet Trojaner, aber beim Scan findet er ihn nicht
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (7)
  15. Avira erst Warnung HTML/Infected.WebPage.Gen2 beim Scan dann mehrere versteckte Objekte gefunden
    Log-Analyse und Auswertung - 23.01.2012 (21)
  16. PC hängt sich mehrfach auf - läuft dann eine Weile problemlos - hängt dann wieder...
    Log-Analyse und Auswertung - 06.12.2009 (1)
  17. Notebook erst langsam, dann hängt er sich auf
    Alles rund um Windows - 06.01.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Leider muss ich nochmal fragen, ob Ihr mal über meine logdateien schauen könnt. Problem: Avira meldete den Zip-opener Reinstaller(auf Filepony hatte ich einst diese Anzeige angeklickt, im Glauben, ich würde - Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf...
Archiv
Du betrachtest: Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131