Log analysis and evaluation: Emsisoft can neither delete the file nor quarantine it. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.01.2014, 20:10 | #1 |
Emsisoft can neither delete the file nor quarantine it.

Hello, I hope I have done everything correctly here. The problem: the PC opened strange pop-ups and became slower. So I ran a scan with Emsisoft and Antivir and found quite a few things. Most of it could be removed, but one file keeps causing problems: I cannot delete it or quarantine it. Here are the required logs: (Gmer did not work, or rather I did not let it run, because this error message came up: "C:\windows\system32\config\systemer Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.")

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014 Ran by Anwender (administrator) on ANWENDERPC on 05-01-2014 19:50:29 Running from C:\Users\Anwender\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Telefónica) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Zhorn Software) C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stickies.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe (Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications) HKLM\...\Run: [Ocs_SM] - C:\Users\Anwender\AppData\Roaming\OCS\SM\SearchAnonymizer.exe HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) MountPoints2: F - "F:\AutoRun.exe" MountPoints2: {07dd5104-5ebf-11e3-bede-001e101f8da1} - "F:\AutoRun.exe" MountPoints2: {be3b95f0-4e94-11e3-bed5-50b7c3621954} - "F:\AutoRun.exe" MountPoints2: {be3b9630-4e94-11e3-bed5-50b7c3621954} - "F:\AutoRun.exe" MountPoints2: {cf11b934-29a5-11e2-be84-806e6f6e6963} - "D:\autorun.exe" Startup: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stickies.exe (Zhorn Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {102A0DF5-266A-4314-895F-C278DD310434} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6b263835-67e9-4004-9694-a1390b4dd9f4&pid=ccleanerde&mode=bounce&k=0 SearchScopes: HKCU - {210A58C8-EDE3-469F-BC89-F959C4104C6F} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6b263835-67e9-4004-9694-a1390b4dd9f4&pid=ccleanerde&mode=bounce&k=0 SearchScopes: HKCU - {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = hxxp://www.basicserve.com/?prt=bscsrvgup1&sp=&keywords={searchTerms} SearchScopes: HKCU - {47C34D58-06F2-453C-BB0B-BF2D28823565} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6b263835-67e9-4004-9694-a1390b4dd9f4&pid=ccleanerde&mode=bounce&k=0 SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = SearchScopes: HKCU - {B6604649-ADAA-49D7-B8AD-D6BD2A8711A7} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6b263835-67e9-4004-9694-a1390b4dd9f4&pid=ccleanerde&mode=bounce&k=0 SearchScopes: HKCU - {BE23E48B-8380-4556-91DD-D7468529AD4F} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6b263835-67e9-4004-9694-a1390b4dd9f4&pid=ccleanerde&mode=bounce&k=0 SearchScopes: HKCU - {C927E1FE-D09D-4DF5-B1DB-D1A04F523E86} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6b263835-67e9-4004-9694-a1390b4dd9f4&pid=ccleanerde&mode=bounce&k=0 BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program 
Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\dej038ht.default-1387923768465 FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.basicserve.com/?prt=bscsrvgup1&sp=google&keywords= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - 
C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\dej038ht.default-1387923768465\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: BasicServe - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0 ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) 
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. 
KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-05 19:50 - 2014-01-05 19:50 - 00019503 _____ C:\Users\Anwender\Desktop\FRST.txt 2014-01-05 19:49 - 2014-01-05 19:49 - 01931368 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe 2014-01-05 19:48 - 2014-01-05 19:48 - 00000478 _____ C:\Users\Anwender\Desktop\defogger_disable.log 2014-01-05 19:47 - 2014-01-05 19:47 - 00050477 _____ C:\Users\Anwender\Desktop\Defogger.exe 2014-01-05 15:55 - 2014-01-05 15:55 - 00134492 _____ C:\Users\Anwender\Desktop\OTL.Txt 2014-01-05 15:55 - 2014-01-05 15:55 - 00080430 _____ C:\Users\Anwender\Desktop\Extras.Txt 2014-01-05 15:40 - 2014-01-05 15:40 - 00602112 _____ (OldTimer Tools) C:\Users\Anwender\Desktop\OTL.exe 2014-01-05 15:35 - 2014-01-05 15:35 - 00001050 _____ C:\Users\Anwender\Desktop\a2scan_140105-014240.txt 2014-01-04 21:40 - 2014-01-04 21:40 - 00000000 ___RD C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-01-02 20:40 - 2014-01-02 20:40 - 00000000 ____D C:\FRST 2014-01-02 20:35 - 2014-01-02 20:35 - 00000000 _____ C:\Users\Anwender\defogger_reenable 2014-01-02 16:08 - 2014-01-02 16:08 - 00001117 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-01-02 16:07 - 2014-01-05 18:55 - 00000000 ____D C:\Program Files (x86)\Emsisoft 
Anti-Malware 2014-01-02 16:07 - 2014-01-02 16:07 - 00000000 ____D C:\Users\Anwender\Documents\Anti-Malware 2014-01-02 11:24 - 2014-01-02 11:24 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\Avira 2014-01-02 11:22 - 2014-01-02 11:22 - 00002086 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2014-01-02 11:22 - 2014-01-02 11:22 - 00000000 ____D C:\Program Files (x86)\Avira 2014-01-02 11:22 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-01-02 11:22 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-01-02 11:22 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2014-01-02 11:22 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-01-01 20:16 - 2014-01-04 19:54 - 00000000 ____D C:\Program Files (x86)\BasicServe 2014-01-01 20:16 - 2014-01-01 20:16 - 00000000 _____ C:\ProgramData\2927243121363c3a3930_c 2014-01-01 20:16 - 2013-11-13 21:51 - 00970520 _____ (TMRG, Inc.) C:\windows\system32\rlls64.dll 2014-01-01 20:16 - 2013-11-13 21:51 - 00660248 _____ (TMRG, Inc.) 
C:\windows\SysWOW64\rlls.dll 2013-12-24 23:05 - 2013-12-24 23:05 - 00000000 ____D C:\windows\ERUNT 2013-12-24 22:56 - 2013-12-24 22:59 - 00000000 ____D C:\AdwCleaner 2013-12-24 17:31 - 2013-12-24 17:31 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\Malwarebytes 2013-12-24 17:31 - 2013-12-24 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-24 17:24 - 2014-01-04 19:56 - 00000000 ____D C:\ProgramData\ProductData 2013-12-24 17:24 - 2013-12-24 17:24 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\IObit 2013-12-24 17:24 - 2013-12-24 17:24 - 00000000 ____D C:\ProgramData\IObit 2013-12-24 17:24 - 2013-12-24 17:24 - 00000000 ____D C:\Program Files (x86)\IObit 2013-12-24 16:01 - 2013-12-24 17:25 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1 2013-12-21 23:20 - 2013-12-21 23:20 - 00002038 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2013-12-21 21:32 - 2013-12-21 21:32 - 00000000 ____D C:\Users\Anwender\Documents\theHunter 2013-12-21 11:33 - 2013-12-21 11:33 - 00000000 ____D C:\Users\Anwender\Documents\Bluetooth Folder 2013-12-20 23:25 - 2013-12-20 23:26 - 00000000 ____D C:\Users\Anwender\Documents\Tamron 2013-12-19 22:16 - 2013-12-19 22:16 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\EPSON 2013-12-19 20:45 - 2013-12-19 20:45 - 00000000 _____ C:\Users\Anwender\Sti_Trace.log 2013-12-19 20:44 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll 2013-12-19 20:44 - 2007-06-22 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini 2013-12-19 20:44 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll 2013-12-19 20:44 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll 2013-12-19 20:44 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll 2013-12-19 20:44 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll 2013-12-19 20:44 - 2005-06-01 
00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg 2013-12-19 20:44 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg 2013-12-19 20:44 - 
2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat 2013-12-19 20:44 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat 2013-12-19 20:43 - 2013-12-19 20:43 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\InstallShield 2013-12-19 20:43 - 2013-12-19 20:43 - 00000000 ____D C:\ProgramData\EPSON 2013-12-19 20:40 - 2013-12-22 21:49 - 00000000 ____D C:\Program Files (x86)\epson 2013-12-14 11:25 - 2013-12-14 11:25 - 00001793 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-14 11:23 - 2013-12-14 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-14 11:23 - 2013-12-14 11:25 - 00000000 ____D C:\Program Files\iTunes 2013-12-14 11:23 - 2013-12-14 11:25 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-14 11:23 - 2013-12-14 11:23 - 00000000 ____D C:\Program Files\iPod 2013-12-14 09:31 - 2013-12-14 09:31 - 05050552 _____ C:\windows\system32\FNTCACHE.DAT 2013-12-12 16:04 - 2013-12-12 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-12 01:27 - 2013-12-04 01:53 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-12-12 01:27 - 2013-12-04 01:53 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 12:01 - 2013-10-25 07:19 - 02241536 
_____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-12-11 12:01 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-12-11 12:01 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-12-11 12:01 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-12-11 12:01 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-12-11 12:01 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-12-11 12:01 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-12-11 12:01 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-12-11 12:01 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-12-11 12:01 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-12-11 12:00 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2013-12-11 12:00 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-12-11 12:00 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-12-11 12:00 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-12-11 12:00 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-12-11 12:00 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-12-11 12:00 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-12-11 12:00 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-12-11 12:00 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) 
C:\windows\system32\imagehlp.dll 2013-12-11 12:00 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll 2013-12-11 12:00 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2013-12-11 12:00 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2013-12-11 12:00 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2013-12-11 12:00 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2013-12-11 12:00 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2013-12-11 12:00 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2013-12-11 12:00 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2013-12-11 12:00 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2013-12-11 12:00 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2013-12-11 12:00 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll 2013-12-11 12:00 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll 2013-12-11 12:00 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2013-12-11 12:00 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2013-12-11 12:00 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys 2013-12-11 12:00 - 2013-10-03 23:09 - 00385528 _____ C:\windows\system32\ApnDatabase.xml 2013-12-11 12:00 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS 2013-12-11 12:00 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) 
C:\windows\system32\oleaut32.dll 2013-12-11 12:00 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2013-12-11 12:00 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-12-11 12:00 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll 2013-12-11 12:00 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll 2013-12-11 12:00 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll 2013-12-11 12:00 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll 2013-12-11 11:59 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2013-12-11 11:59 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll 2013-12-11 11:59 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-12-11 11:59 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll 2013-12-11 11:59 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll 2013-12-11 11:59 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe 2013-12-11 11:59 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll 2013-12-11 11:59 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll 2013-12-11 11:59 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx 2013-12-11 11:59 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe 2013-12-11 11:59 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll 2013-12-11 11:59 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll 
2013-12-11 11:59 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys 2013-12-10 12:23 - 2013-12-10 12:23 - 00002228 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-08 12:38 - 2013-12-08 12:38 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2013-12-08 12:38 - 2009-09-27 09:39 - 00369152 ___SH (The Public) C:\windows\SysWOW64\avisynth.dll 2013-12-08 12:38 - 2005-07-14 12:31 - 00032256 ___SH C:\windows\SysWOW64\AVSredirect.dll 2013-12-08 12:38 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\windows\SysWOW64\devil.dll 2013-12-08 12:38 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\windows\SysWOW64\yv12vfw.dll 2013-12-08 12:38 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\windows\SysWOW64\i420vfw.dll 2013-12-08 12:34 - 2013-12-08 13:48 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2013-12-08 12:34 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\windows\SysWOW64\pncrt.dll 2013-12-08 12:34 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) 
C:\windows\SysWOW64\drvc.dll 2013-12-08 08:47 - 2013-12-08 08:56 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\GF-Player 2013-12-07 19:29 - 2013-12-07 22:33 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\dvdcss 2013-12-06 22:32 - 2013-12-06 22:32 - 00001531 _____ C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\stickies.lnk ==================== One Month Modified Files and Folders ======= 2014-01-05 19:51 - 2014-01-05 19:50 - 00019503 _____ C:\Users\Anwender\Desktop\FRST.txt 2014-01-05 19:51 - 2013-01-19 21:15 - 00001136 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-05 19:51 - 2013-01-19 21:15 - 00001132 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-05 19:49 - 2014-01-05 19:49 - 01931368 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe 2014-01-05 19:48 - 2014-01-05 19:48 - 00000478 _____ C:\Users\Anwender\Desktop\defogger_disable.log 2014-01-05 19:47 - 2014-01-05 19:47 - 00050477 _____ C:\Users\Anwender\Desktop\Defogger.exe 2014-01-05 19:43 - 2012-09-18 12:15 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2014-01-05 19:15 - 2013-01-19 20:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2014-01-05 19:08 - 2013-01-20 17:09 - 01314347 _____ C:\windows\WindowsUpdate.log 2014-01-05 19:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru 2014-01-05 18:55 - 2014-01-02 16:07 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2014-01-05 15:55 - 2014-01-05 15:55 - 00134492 _____ C:\Users\Anwender\Desktop\OTL.Txt 2014-01-05 15:55 - 2014-01-05 15:55 - 00080430 _____ C:\Users\Anwender\Desktop\Extras.Txt 2014-01-05 15:40 - 2014-01-05 15:40 - 00602112 _____ (OldTimer Tools) C:\Users\Anwender\Desktop\OTL.exe 2014-01-05 15:35 - 2014-01-05 15:35 - 00001050 _____ C:\Users\Anwender\Desktop\a2scan_140105-014240.txt 2014-01-05 10:50 - 2012-09-18 11:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-01-04 21:43 - 
2013-10-21 11:35 - 00000000 ____D C:\Program Files (x86)\theHunter 2014-01-04 21:43 - 2012-09-18 12:06 - 00000000 ____D C:\ProgramData\WinClon 2014-01-04 21:42 - 2012-12-27 10:08 - 00000000 ____D C:\Users\Anwender\AppData\Local\CrashDumps 2014-01-04 21:40 - 2014-01-04 21:40 - 00000000 ___RD C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-01-04 21:39 - 2012-09-18 11:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-01-04 21:38 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2014-01-04 19:56 - 2013-12-24 17:24 - 00000000 ____D C:\ProgramData\ProductData 2014-01-04 19:56 - 2013-05-27 00:06 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\stickies 2014-01-04 19:54 - 2014-01-01 20:16 - 00000000 ____D C:\Program Files (x86)\BasicServe 2014-01-04 19:54 - 2013-01-29 20:51 - 00164740 _____ C:\windows\PFRO.log 2014-01-04 19:54 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI 2014-01-04 19:52 - 2012-12-27 10:06 - 00000000 ____D C:\Users\Anwender 2014-01-02 20:40 - 2014-01-02 20:40 - 00000000 ____D C:\FRST 2014-01-02 20:35 - 2014-01-02 20:35 - 00000000 _____ C:\Users\Anwender\defogger_reenable 2014-01-02 16:08 - 2014-01-02 16:08 - 00001117 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-01-02 16:07 - 2014-01-02 16:07 - 00000000 ____D C:\Users\Anwender\Documents\Anti-Malware 2014-01-02 11:24 - 2014-01-02 11:24 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\Avira 2014-01-02 11:22 - 2014-01-02 11:22 - 00002086 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2014-01-02 11:22 - 2014-01-02 11:22 - 00000000 ____D C:\Program Files (x86)\Avira 2014-01-02 11:22 - 2013-01-19 20:51 - 00000000 ____D C:\ProgramData\Avira 2014-01-01 23:39 - 2013-10-18 00:10 - 00000039 _____ C:\Users\Anwender\AppData\Roaming\TheHunterSettings_live.cfg 2014-01-01 20:16 - 2014-01-01 20:16 - 00000000 _____ C:\ProgramData\2927243121363c3a3930_c 2014-01-01 20:15 - 
2013-01-19 21:15 - 00000000 ____D C:\Users\Anwender\AppData\Local\Google 2013-12-30 17:45 - 2013-01-24 21:39 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\vlc 2013-12-26 22:43 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF 2013-12-25 14:34 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-12-24 23:05 - 2013-12-24 23:05 - 00000000 ____D C:\windows\ERUNT 2013-12-24 22:59 - 2013-12-24 22:56 - 00000000 ____D C:\AdwCleaner 2013-12-24 22:39 - 2012-09-19 02:58 - 00754172 _____ C:\windows\system32\perfh007.dat 2013-12-24 22:39 - 2012-09-19 02:58 - 00156362 _____ C:\windows\system32\perfc007.dat 2013-12-24 22:39 - 2012-07-26 08:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI 2013-12-24 17:31 - 2013-12-24 17:31 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\Malwarebytes 2013-12-24 17:31 - 2013-12-24 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-24 17:25 - 2013-12-24 16:01 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1 2013-12-24 17:24 - 2013-12-24 17:24 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\IObit 2013-12-24 17:24 - 2013-12-24 17:24 - 00000000 ____D C:\ProgramData\IObit 2013-12-24 17:24 - 2013-12-24 17:24 - 00000000 ____D C:\Program Files (x86)\IObit 2013-12-23 00:24 - 2012-12-27 10:13 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001 2013-12-22 21:49 - 2013-12-19 20:40 - 00000000 ____D C:\Program Files (x86)\epson 2013-12-21 23:20 - 2013-12-21 23:20 - 00002038 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2013-12-21 21:32 - 2013-12-21 21:32 - 00000000 ____D C:\Users\Anwender\Documents\theHunter 2013-12-21 11:33 - 2013-12-21 11:33 - 00000000 ____D C:\Users\Anwender\Documents\Bluetooth Folder 2013-12-20 23:26 - 2013-12-20 23:25 - 00000000 ____D C:\Users\Anwender\Documents\Tamron 2013-12-20 23:21 - 2013-06-18 23:36 - 00000000 ____D C:\Users\Anwender\Documents\Evertech 5.0 Backup 2013-12-20 19:42 - 2013-12-01 
22:07 - 00000000 ____D C:\Users\Anwender\Documents\Höhlen 2013-12-19 23:21 - 2013-08-24 21:59 - 00312320 ___SH C:\Users\Anwender\Documents\Thumbs.db 2013-12-19 22:16 - 2013-12-19 22:16 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\EPSON 2013-12-19 20:45 - 2013-12-19 20:45 - 00000000 _____ C:\Users\Anwender\Sti_Trace.log 2013-12-19 20:43 - 2013-12-19 20:43 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\InstallShield 2013-12-19 20:43 - 2013-12-19 20:43 - 00000000 ____D C:\ProgramData\EPSON 2013-12-14 11:25 - 2013-12-14 11:25 - 00001793 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-14 11:25 - 2013-12-14 11:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-14 11:25 - 2013-12-14 11:23 - 00000000 ____D C:\Program Files\iTunes 2013-12-14 11:25 - 2013-12-14 11:23 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-14 11:23 - 2013-12-14 11:23 - 00000000 ____D C:\Program Files\iPod 2013-12-14 10:00 - 2013-07-30 11:12 - 00000000 ____D C:\windows\system32\MRT 2013-12-14 09:57 - 2013-01-19 20:11 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-12-14 09:31 - 2013-12-14 09:31 - 05050552 _____ C:\windows\system32\FNTCACHE.DAT 2013-12-14 09:31 - 2013-01-23 01:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-12 16:04 - 2013-12-12 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-12 09:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache 2013-12-12 01:24 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates 2013-12-11 12:07 - 2013-10-12 00:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 12:05 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe 2013-12-10 19:38 - 2013-01-19 20:10 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-12-10 12:23 - 2013-12-10 12:23 - 00002228 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 12:23 - 2013-01-19 21:15 - 00000000 ____D C:\Program Files 
(x86)\Google 2013-12-10 10:12 - 2013-01-20 20:55 - 00004040 _____ C:\windows\setupact.log 2013-12-09 11:37 - 2014-01-02 11:22 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-12-09 11:37 - 2014-01-02 11:22 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2013-12-09 11:37 - 2014-01-02 11:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2013-12-09 11:37 - 2014-01-02 11:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2013-12-08 13:48 - 2013-12-08 12:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2013-12-08 13:46 - 2013-01-23 16:50 - 00000000 ____D C:\Users\Public\CyberLink 2013-12-08 13:45 - 2012-09-18 12:11 - 00000000 ____D C:\ProgramData\CyberLink 2013-12-08 12:38 - 2013-12-08 12:38 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2013-12-08 08:56 - 2013-12-08 08:47 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\GF-Player 2013-12-07 22:33 - 2013-12-07 19:29 - 00000000 ____D C:\Users\Anwender\AppData\Roaming\dvdcss 2013-12-06 22:33 - 2013-05-27 00:06 - 00000000 ____D C:\Program Files (x86)\Stickies 2013-12-06 22:32 - 2013-12-06 22:32 - 00001531 _____ C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\stickies.lnk Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== C:\Users\Anwender\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-29 11:14 ==================== End Of Log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:48 on 05/01/2014 (Anwender) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- |
05.01.2014, 21:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Emsisoft can neither delete the file nor quarantine it. Hello and
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! In addition, the other FRST log (additions.txt) is missing. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
05.01.2014, 22:03 | #3 |
| Emsisoft can neither delete the file nor quarantine it. Here are the latest logs from Emsisoft:
Code:
ATTFilter Emsisoft Anti-Malware - Version 8.1 Letztes Update: 02.01.2014 16:09:49 Benutzerkonto: AnwenderPc\Anwender Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ PUPs-Erkennung: An Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 02.01.2014 16:18:33 C:\Program Files (x86)\RelevantKnowledge\ gefunden: FileSubmit.A (A) C:\Program Files (x86)\RelevantKnowledge gefunden: RelevantKnowledge (A) C:\windows\system32\rlls.dll gefunden: RelevantKnowledge (A) C:\Program Files (x86)\RelevantKnowledge\rlservice.exe gefunden: FileSubmit.A (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D08D9F98-1C78-4704-87E6-368B0023D831} gefunden: FileSubmit.A (A) C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll gefunden: Adware.Relevant.CC (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0048c35f.qua -> (Quarantine-8) -> (NSIS o) -> zlib_nsis0003 gefunden: Adware.Relevant.BH (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\03dce51d.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> BNvttyro.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Blllat.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Bobo.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Butter.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Foutm.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Gamz.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir 
Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Main.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Mak.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Mimipla.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> OPpp.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Tagma.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua -> (Quarantine-8) -> Takxi.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\13cc99f9.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\142be90e.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\307ffb0d.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> BNvttyro.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Blllat.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Bobo.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Butter.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Foutm.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Gamz.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir 
Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Main.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Mak.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Mimipla.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> OPpp.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Tagma.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua -> (Quarantine-8) -> Takxi.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\529e8a09.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\580994ee.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5904ecaf.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5b5fcb01.qua -> (Quarantine-8) -> BNvttyro.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5b5fcb01.qua -> (Quarantine-8) -> Mak.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5b5fcb01.qua -> (Quarantine-8) -> Tagma.class gefunden: Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\609e89d0.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\77aaf18c.qua -> (Quarantine-8) -> (NSIS o) -> zlib_nsis0003 gefunden: Adware.Relevant.BH (B) C:\Users\Anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWX7P073\ChromeSpeedUp_Installer[1].exe gefunden: Application.Win32.InstallAd (A) 
C:\Users\Anwender\AppData\Local\Temp\200870.exe gefunden: Application.Win32.InstallAd (A) C:\Users\Anwender\AppData\Local\Temp\CSMA0CD.tmp gefunden: Adware.Relevant.CA (B) Gescannt 655652 Gefunden 46 Scan Ende: 02.01.2014 19:28:50 Scan Zeit: 3:10:17 C:\Users\Anwender\AppData\Local\Temp\CSMA0CD.tmp Quarantäne Adware.Relevant.CA (B) C:\Users\Anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWX7P073\ChromeSpeedUp_Installer[1].exe Quarantäne Application.Win32.InstallAd (A) C:\Users\Anwender\AppData\Local\Temp\200870.exe Quarantäne Application.Win32.InstallAd (A) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1042be73.qua Quarantäne Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4212e498.qua Quarantäne Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5b5fcb01.qua Quarantäne Java.Exploit.CVE-2013-2423.A (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\03dce51d.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\13cc99f9.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\142be90e.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\307ffb0d.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\529e8a09.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\580994ee.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5904ecaf.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\609e89d0.qua Quarantäne Gen:Variant.Adware.Barys.5042 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0048c35f.qua Quarantäne Adware.Relevant.BH (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\77aaf18c.qua Quarantäne Adware.Relevant.BH (B) C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll Quarantäne 
Adware.Relevant.CC (B) C:\Program Files (x86)\RelevantKnowledge Quarantäne RelevantKnowledge (A) C:\Program Files (x86)\RelevantKnowledge\ Quarantäne FileSubmit.A (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D08D9F98-1C78-4704-87E6-368B0023D831} Quarantäne FileSubmit.A (A) Quarantäne 20 Code:
ATTFilter Emsisoft Anti-Malware - Version 8.1 Letztes Update: 04.01.2014 20:12:43 Benutzerkonto: AnwenderPc\Anwender Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ PUPs-Erkennung: An Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 04.01.2014 20:23:24 C:\windows\system32\rlls.dll gefunden: RelevantKnowledge (A) Gescannt 442990 Gefunden 1 Scan Ende: 04.01.2014 21:35:51 Scan Zeit: 1:12:27 Quarantäne 0 Code:
ATTFilter Emsisoft Anti-Malware - Version 8.1 Letztes Update: 05.01.2014 01:41:56 Benutzerkonto: AnwenderPc\Anwender Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ PUPs-Erkennung: An Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 05.01.2014 01:42:40 C:\windows\system32\rlls.dll gefunden: RelevantKnowledge (A) Gescannt 655927 Gefunden 1 Scan Ende: 05.01.2014 05:01:44 Scan Zeit: 3:19:04 Quarantäne 0
I had to create them again, because the checkbox had not been ticked before.
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014 Ran by Anwender at 2014-01-05 22:01:07 Running from C:\Users\Anwender\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} ==================== Installed Programs ====================== Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8 - Adobe Systems) Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated) Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.) Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) 
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Emsisoft Anti-Malware (x32 Version: 8.1 - Emsisoft GmbH) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.13.925 (x32 Version: 3.2.13.925 - DVDVideoSoft Ltd.) Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Help Desk (Version: 1.0.5 - Samsung Electronics CO., LTD.) 
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00 - Huawei technologies Co., Ltd.) iCloud (Version: 3.0.2.163 - Apple Inc.) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel) Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation) Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 
14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 
10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mobile Connection Manager (x32 Version: 8.7.6.756 - Mobile Connection Manager) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MP4 To MP3 Converter V3.0 (x32 Version: - hxxp://www.MP4ToMP3Converter.net) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photomatix Pro version 4.2.7 (x32 Version: 4.2.7 - HDRsoft Ltd) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.209 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Recovery (x32 Version: 6.0.6.5 - Samsung Electronics CO., LTD.) S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden Settings (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.) 
Stickies 7.1e (x32 Version: - Zhorn Software) Support Center (Version: 2.0.12 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden SW Update (x32 Version: 2.0.19 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (Version: 16.2.11.3 - Synaptics Incorporated) theHunter (remove only) (x32 Version: - Expansive Worlds) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 
Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) User Guide (x32 Version: 1.2.00 - Samsung Electronics CO., LTD.) VisiPics V1.31 (x32 Version: - Ozone) VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN) win8codecs (x32 Version: 1.4.0 - Shark007) Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.) 
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) Xerox PhotoCafe (x32 Version: 1.0.0.6162 - Xerox) ==================== Restore Points ========================= 22-12-2013 00:42:46 Geplanter Prüfpunkt 30-12-2013 02:09:10 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 06:26 - 2013-01-20 17:55 - 00001650 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 na2m-pr.licenses.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 ereg.wip4.adobe.com 127.0.0.1 wip.adobe.com 127.0.0.1 wip1.adobe.com 127.0.0.1 wip2.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wip4.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 
127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-1.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com There are 1 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2FA5A95D-8BC4-441C-82E1-4946D0D7A2EE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {384BE781-5910-4849-8492-38CBD0AF0425} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {3B817D30-94B8-457E-A302-1DDA92A7F577} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {3C340FC8-D852-4B1E-A70D-C5D7C91552D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.) Task: {48F2142D-FAD6-42FD-B1CF-8B84D40BAEE0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {4E0EC955-F743-46F7-A533-2A4ED0A2E79A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {55A71CE9-A563-4500-8F9D-991DBB074751} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated) Task: {76C4DC21-3582-449E-BA2D-E514E6432085} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC) Task: {789305D1-A5DB-43A8-807C-0B0A8373272F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {79965DF2-6A72-4F28-92BD-57C9E1D075E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.) Task: {9178B62B-3314-4B94-99A8-9A40D35A3921} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.) Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B4550096-4847-4F74-992B-9B9950441993} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {BD9E47B3-38BD-434B-9A98-A996D6A6926B} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CA0126CC-8003-4179-9809-AB563C944D79} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {CCAA43C7-A484-4D97-8B40-495CB3711C68} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) 
Task: {D42D55C4-7018-4F24-A21B-64053CFE48B3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EF831793-EEAE-43E6-AD8F-798318BF0451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2012-09-14 04:42 - 2012-09-14 04:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-09-14 04:37 - 2012-09-14 04:37 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-07-20 07:16 - 2012-07-20 07:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-02 11:22 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 
- 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2012-09-18 12:12 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu 2013-08-17 06:27 - 2013-08-17 06:27 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll 2012-09-18 11:54 - 
2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-12-12 16:04 - 2013-12-12 16:04 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-03-09 16:26 - 2012-03-09 16:26 - 00100352 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Microsoft:UiyPnZ68VFFeN3vmjUUo AlternateDataStreams: C:\ProgramData\Microsoft:YmP7zLz48075018EndXaIlRWwh AlternateDataStreams: C:\Users\Anwender\Lokale Einstellungen:R4n0hzWCuDvl3Zo9z1XxXw AlternateDataStreams: C:\Users\Anwender\AppData\Local:R4n0hzWCuDvl3Zo9z1XxXw AlternateDataStreams: C:\Users\Anwender\AppData\Local\Anwendungsdaten:R4n0hzWCuDvl3Zo9z1XxXw ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/05/2014 08:00:10 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16622, Zeitstempel: 0x519e9904 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000009e2f ID des fehlerhaften Prozesses: 0xb74 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4 Anwendungs-ID, die relativ zum 
fehlerhaften Paket ist: Explorer.EXE5 Error: (01/05/2014 00:50:50 AM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c20 Startzeit: 01cf098d4f058195 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 06ba62e4-759b-11e3-bee7-50b7c3621954 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (01/04/2014 09:40:07 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0xaf0 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (01/04/2014 07:56:47 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0xa80 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum 
fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (01/04/2014 03:15:45 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x146c Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (01/04/2014 02:09:56 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x20d0 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (01/04/2014 03:37:28 AM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error Error: (01/03/2014 00:54:15 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x1308 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der 
fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (01/03/2014 00:52:30 PM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (01/03/2014 04:11:06 AM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error System errors: ============= Error: (01/04/2014 09:38:19 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 04.01.2014 um 21:14:59 unerwartet heruntergefahren. Error: (01/02/2014 11:29:59 AM) (Source: Service Control Manager) (User: ) Description: Dienst "BasicServe Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (01/05/2014 08:00:10 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.2.9200.1662851a94434RPCRT4.dll6.2.9200.16622519e9904c00000050000000000009e2fb7401cf098d017a6bf8C:\windows\Explorer.EXEC:\windows\system32\RPCRT4.dll98dbdff2-763b-11e3-bee7-50b7c3621954 Error: (01/05/2014 00:50:50 AM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.5087c2001cf098d4f05819531C:\Program Files (x86)\Mozilla Firefox\firefox.exe06ba62e4-759b-11e3-bee7-50b7c3621954 Error: (01/04/2014 09:40:07 PM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccaf001cf098d014f8041C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6503f620-7580-11e3-bee7-50b7c3621954 Error: (01/04/2014 07:56:47 PM) (Source: Application Error)(User: ) Description: 
MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cca8001cf097e7c19b8cfC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exef5d3dcde-7571-11e3-bee6-50b7c3621954 Error: (01/04/2014 03:15:45 PM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc146c01cf095748c78666C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exeb3001949-754a-11e3-bee5-50b7c3621954 Error: (01/04/2014 02:09:56 PM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc20d001cf094e02369179C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe81a8bedb-7541-11e3-bee5-50b7c3621954 Error: (01/04/2014 03:37:28 AM) (Source: ATIeRecord)(User: ) Description: Error: (01/03/2014 00:54:15 PM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc130801cf087a4e76f18fC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exec42f9ffc-746d-11e3-bee5-50b7c3621954 Error: (01/03/2014 00:52:30 PM) (Source: Desktop Window Manager)(User: ) Description: 0x8898008d Error: (01/03/2014 04:11:06 AM) (Source: ATIeRecord)(User: ) Description: ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8083.44 MB Available physical RAM: 5989.85 MB Total Pagefile: 14575.26 MB Available Pagefile: 8223.6 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:673.74 GB) (Free:314.76 GB) NTFS Drive d: (theHunter) (CDROM) (Total:1.15 GB) (Free:0 GB) UDF Drive e: () (Removable) (Total:15.08 GB) (Free:12.68 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 1 (Size: 15 GB) 
(Disk ID: 00000000) Partition 1: (Not Active) - (Size=15 GB) - (Type=0C) ==================== End Of Log ============================ |
05.01.2014, 22:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Emsisoft can neither delete the file nor move it to quarantine. Code:
ATTFilter
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 wip.adobe.com
127.0.0.1 wip1.adobe.com
127.0.0.1 wip2.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wip4.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
08.01.2014, 17:59 | #5 |
| Emsisoft can neither delete the file nor move it to quarantine. Hello, if I delete the programs, would the 'cracked' data be deleted along with them? Because otherwise I unfortunately no longer know exactly where I could find it to delete it separately. Regards |
08.01.2014, 20:49 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Emsisoft can neither delete the file nor move it to quarantine. If you installed the stuff yourself, you will surely know where the actual cracks/keygens are. Or have you Quote:
__________________ --> Emsisoft can neither delete the file nor move it to quarantine. |
08.01.2014, 20:55 | #7 |
| Emsisoft can neither delete the file nor move it to quarantine. It has been a while since I installed that following a guide. That is why I no longer know exactly where the individual files are. But I have now come to think that it would probably be best to reinstall Windows completely; the whole system just keeps getting slower and is no fun anymore. The thing is, though, that I bought a laptop with Win8 preinstalled, i.e. without a Win8 CD. As far as I have been able to find out, however, I can have the PC reinstall Win8 by itself. The only question is whether that is equivalent to a 'normal' reinstallation and whether all malware is removed in the process?! It would be nice if you had an answer to that. Regards |
08.01.2014, 22:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Emsisoft can neither delete the file nor move it to quarantine. Yes, that is called recovery. It should be equivalent to a reinstallation. Back up all important data externally beforehand!
__________________ Please always post log files in CODE tags |
Topics on Emsisoft can neither delete the file nor move it to quarantine. |
adblock, adobe, adware.relevant.bh, adware.relevant.ca, adware.relevant.cc, application.win32.installad, avira, bonjour, defender, emsisoft, entfernen, filesubmit.a, firefox, flash player, gen:variant.adware.barys.5042, homepage, java.exploit.cve-2013-2423.a, mozilla, plug-in, pop ups, problem, realtek, registry, relevantknowledge, software, svchost.exe, windows, wlan |