Plagegeister aller Art und deren Bekämpfung: The operation "written" could not be performed in memory (Windows 7)

#1
Hello,

on my father's computer the following error message keeps appearing with various exe files:

Quote:

At first I suspected the RAM or the hard disk. I tested the RAM with the BIOS onboard diagnostics: no errors. I tested the hard disk with a WD tool: no errors. I have also already run

Code:
sfc /scannow

Since the problem is still there and by now even Avira (avcenter.exe) a

Quote:

It would therefore be really great if you could help me. One problem might be that I can only connect to the computer via RDP, because the computer is several hundred km away. I cannot do anything offline. And I cannot task my father with something like this.

I have now started following the instructions:

Step 1: no error message

Step 2:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Admin at 2014-03-21 20:26:47
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.187 - Acronis)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AGFEO TK-Suite Server (HKLM-x32\...\tksuite_tksuite_server) (Version: 4.4.8 - AGFEO GmbH & Co. KG)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ! (HKLM-x32\...\FRITZ!
2.0) (Version: - AVM Berlin) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - ) Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - ) Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl) LANconfig (HKLM-x32\...\LANconfig) (Version: 8.82.42.0 - ) LANmonitor/WLANmonitor (HKLM-x32\...\LANmonitor) (Version: 8.82.20.0 - ) Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios) Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 
- Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) NVIDIA 3D Vision Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.01 - NVIDIA Corporation) NVIDIA Grafiktreiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.01 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.126.821 - NVIDIA Corporation) Hidden 
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2601 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 326.01 (Version: 326.01 - NVIDIA Corporation) Hidden NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Saitek DirectOutput 5.7.0.24 (HKLM-x32\...\{05EB9A67-6A21-4390-A9C8-6165EEE1921A}) (Version: 5.7.0.24 - Saitek) Saitek SST Programming Software (HKLM-x32\...\{967FB80D-56BD-42EF-A942-9E8C78F984A4}) (Version: 1.00.0000 - Saitek) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SpamPal (HKLM-x32\...\{DE6CFFA1-4A51-11D6-BD6E-EF01F93E642D}) (Version: 1.72q - ) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer) True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden True Image 2013 Plus Pack (HKLM-x32\...\{C408E706-94A7-454C-8B52-538AA6CBD0FB}) (Version: 16.0.5551 - Acronis) UltraVnc (HKLM\...\{4ABD1242-7176-49CC-A128-AB9506C72DC7}) (Version: 1.1.93 - uvnc bvba) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) VLC media player 2.0.8 (HKLM-x32\...\VLC media player) 
(Version: 2.0.8 - VideoLAN)
XStandard (HKLM-x32\...\XStandard) (Version: - )

==================== Restore Points =========================

05-03-2014 06:39:10 Windows Update
13-03-2014 20:00:42 Windows Update
18-03-2014 23:34:31 Windows Update

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-09-20 16:48 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F271FDF-0836-43B9-9C6E-49F8BE3AD33C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AFF4C44-46FF-4373-AE23-66A3FD7A53CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E61E5086-22DA-49B5-AB66-D20EA6D41C0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-19] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-14 22:43 - 2006-02-23 10:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-10-14 22:43 - 2006-02-22 09:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-09-20 16:08 - 2013-06-29 05:02 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2012-08-23 02:51 - 2012-08-23 02:51 - 02023808 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_view.dll
2006-04-18 21:22 - 2006-04-18 21:22 - 00172032 _____ () C:\Program Files (x86)\SpamPal\spampalLSP.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2005-12-02 17:45 - 2005-12-02 17:45 - 00171008 _____ () C:\Program Files (x86)\SpamPal\lang.dll
2012-08-22 23:42 - 2012-08-22 23:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-05-24 11:23 - 2013-05-24 11:23 - 00024576 _____ () C:\Program Files (x86)\AGFEO\Tk-Suite\tkserver\tkmedia_lib.dll
2013-05-24 11:23 - 2013-05-24 11:23 - 00028672 _____ () C:\Program Files (x86)\AGFEO\Tk-Suite\tkserver\tkmedia_capi.dll
2013-05-24 11:23 - 2013-05-24 11:23 - 00011776 _____ () C:\Program Files (x86)\AGFEO\Tk-Suite\tkserver\tkmedia_serial.dll
2013-05-24 11:23 - 2013-05-24 11:23 -
00012288 _____ () C:\Program Files (x86)\AGFEO\Tk-Suite\tkserver\tkmedia_xport.dll 2012-08-23 02:35 - 2012-08-23 02:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2012-08-23 02:31 - 2012-08-23 02:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll 2012-07-24 13:48 - 2012-07-24 13:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2010-06-04 17:40 - 2010-06-04 17:40 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll 2013-10-15 21:16 - 2006-09-05 08:03 - 00147456 _____ () C:\Program Files (x86)\Saitek\Software\SAICFG.dll 2013-09-20 16:27 - 2013-06-20 14:04 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-12-20 07:45 - 2014-03-21 19:54 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-08-23 00:12 - 2012-08-23 00:12 - 00019840 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/21/2014 07:57:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TrueImage.exe, Version: 16.0.0.5551, Zeitstempel: 0x50357196 Name des fehlerhaften Moduls: webio.dll, Version: 6.3.9600.16384, Zeitstempel: 0x52157b23 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0001fe8e ID des fehlerhaften Prozesses: 0xe18 Startzeit der fehlerhaften Anwendung: 0xTrueImage.exe0 Pfad der fehlerhaften Anwendung: TrueImage.exe1 Pfad des fehlerhaften Moduls: TrueImage.exe2 Berichtskennung: TrueImage.exe3 Vollständiger Name des fehlerhaften Pakets: TrueImage.exe4 Anwendungs-ID, 
die relativ zum fehlerhaften Paket ist: TrueImage.exe5 Error: (03/21/2014 07:56:14 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Das Update von Computer1 (192.168.178.105) ist fehlgeschlagen. Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.. Es wurden keine neuen Dateien geladen. Error: (03/21/2014 07:56:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avcenter.exe, Version: 14.0.3.332, Zeitstempel: 0x52f8ba8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16502, Zeitstempel: 0x52c35a76 Ausnahmecode: 0xc000000d Fehleroffset: 0x000eeb73 ID des fehlerhaften Prozesses: 0x418 Startzeit der fehlerhaften Anwendung: 0xavcenter.exe0 Pfad der fehlerhaften Anwendung: avcenter.exe1 Pfad des fehlerhaften Moduls: avcenter.exe2 Berichtskennung: avcenter.exe3 Vollständiger Name des fehlerhaften Pakets: avcenter.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avcenter.exe5 Error: (03/21/2014 07:56:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avcenter.exe, Version: 14.0.3.332, Zeitstempel: 0x52f8ba8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16502, Zeitstempel: 0x52c35a76 Ausnahmecode: 0xc000000d Fehleroffset: 0x000eeb73 ID des fehlerhaften Prozesses: 0x418 Startzeit der fehlerhaften Anwendung: 0xavcenter.exe0 Pfad der fehlerhaften Anwendung: avcenter.exe1 Pfad des fehlerhaften Moduls: avcenter.exe2 Berichtskennung: avcenter.exe3 Vollständiger Name des fehlerhaften Pakets: avcenter.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avcenter.exe5 Error: (03/21/2014 07:56:03 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Das Update von Computer1 (192.168.178.105) ist fehlgeschlagen. Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.. 
Es wurden keine neuen Dateien geladen. Error: (03/21/2014 07:53:22 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa Name des fehlerhaften Moduls: webio.dll, Version: 6.3.9600.16384, Zeitstempel: 0x52157b23 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0001fe8e ID des fehlerhaften Prozesses: 0x15f4 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Vollständiger Name des fehlerhaften Pakets: firefox.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5 Error: (03/21/2014 07:51:24 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe, Version: 3.3.9.0, Zeitstempel: 0x51c7f3cd Name des fehlerhaften Moduls: webio.dll, Version: 6.3.9600.16384, Zeitstempel: 0x52157b23 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0001fe8e ID des fehlerhaften Prozesses: 0x13fc Startzeit der fehlerhaften Anwendung: 0xinstall_flashplayer12x32_mssd_aaa_aih.exe0 Pfad der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe1 Pfad des fehlerhaften Moduls: install_flashplayer12x32_mssd_aaa_aih.exe2 Berichtskennung: install_flashplayer12x32_mssd_aaa_aih.exe3 Vollständiger Name des fehlerhaften Pakets: install_flashplayer12x32_mssd_aaa_aih.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: install_flashplayer12x32_mssd_aaa_aih.exe5 Error: (03/21/2014 07:51:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe, Version: 3.3.9.0, Zeitstempel: 0x51c7f3cd Name des fehlerhaften Moduls: webio.dll, Version: 6.3.9600.16384, Zeitstempel: 0x52157b23 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0001fe8e ID des fehlerhaften Prozesses: 0x16bc Startzeit der fehlerhaften Anwendung: 
0xinstall_flashplayer12x32_mssd_aaa_aih.exe0 Pfad der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe1 Pfad des fehlerhaften Moduls: install_flashplayer12x32_mssd_aaa_aih.exe2 Berichtskennung: install_flashplayer12x32_mssd_aaa_aih.exe3 Vollständiger Name des fehlerhaften Pakets: install_flashplayer12x32_mssd_aaa_aih.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: install_flashplayer12x32_mssd_aaa_aih.exe5 Error: (03/21/2014 07:51:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe, Version: 3.3.9.0, Zeitstempel: 0x51c7f3cd Name des fehlerhaften Moduls: webio.dll, Version: 6.3.9600.16384, Zeitstempel: 0x52157b23 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0001fe8e ID des fehlerhaften Prozesses: 0x2d4 Startzeit der fehlerhaften Anwendung: 0xinstall_flashplayer12x32_mssd_aaa_aih.exe0 Pfad der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe1 Pfad des fehlerhaften Moduls: install_flashplayer12x32_mssd_aaa_aih.exe2 Berichtskennung: install_flashplayer12x32_mssd_aaa_aih.exe3 Vollständiger Name des fehlerhaften Pakets: install_flashplayer12x32_mssd_aaa_aih.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: install_flashplayer12x32_mssd_aaa_aih.exe5 Error: (03/21/2014 07:50:50 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe, Version: 3.3.9.0, Zeitstempel: 0x51c7f3cd Name des fehlerhaften Moduls: webio.dll, Version: 6.3.9600.16384, Zeitstempel: 0x52157b23 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0001fe8e ID des fehlerhaften Prozesses: 0x1248 Startzeit der fehlerhaften Anwendung: 0xinstall_flashplayer12x32_mssd_aaa_aih.exe0 Pfad der fehlerhaften Anwendung: install_flashplayer12x32_mssd_aaa_aih.exe1 Pfad des fehlerhaften Moduls: install_flashplayer12x32_mssd_aaa_aih.exe2 Berichtskennung: install_flashplayer12x32_mssd_aaa_aih.exe3 Vollständiger Name des fehlerhaften 
Pakets: install_flashplayer12x32_mssd_aaa_aih.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: install_flashplayer12x32_mssd_aaa_aih.exe5 System errors: ============= Error: (03/21/2014 07:51:24 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (03/21/2014 07:51:20 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (03/21/2014 07:51:20 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (03/21/2014 07:51:20 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (03/21/2014 07:51:20 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. 
Error: (03/21/2014 07:51:16 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (03/21/2014 07:50:51 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (03/21/2014 07:50:50 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (03/21/2014 07:38:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Adobe Flash Player Update Service" wurde unerwartet beendet. Dies ist bereits 67 Mal passiert.

Error: (03/21/2014 07:36:27 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Microsoft Office Sessions:
=========================
Error: (03/21/2014 07:57:05 PM) (Source: Application Error)(User: )
Description: TrueImage.exe16.0.0.555150357196webio.dll6.3.9600.1638452157b23c00004090001fe8ee1801cf45374e178986C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exeC:\Windows\System32\webio.dll97ec0bd9-b12a-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:56:14 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: Computer1 (192.168.178.105)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (03/21/2014 07:56:13 PM) (Source: Application Error)(User: )
Description: avcenter.exe14.0.3.33252f8ba8dntdll.dll6.3.9600.1650252c35a76c000000d000eeb7341801cf45373ae5e97aC:\program files (x86)\avira\antivir desktop\avcenter.exeC:\Windows\SYSTEM32\ntdll.dll790d0cf2-b12a-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:56:13 PM) (Source: Application Error)(User: )
Description: avcenter.exe14.0.3.33252f8ba8dntdll.dll6.3.9600.1650252c35a76c000000d000eeb7341801cf45373ae5e97aC:\program files (x86)\avira\antivir desktop\avcenter.exeC:\Windows\SYSTEM32\ntdll.dll7902375b-b12a-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:56:03 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: Computer1 (192.168.178.105)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (03/21/2014 07:53:22 PM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faawebio.dll6.3.9600.1638452157b23c00004090001fe8e15f401cf453691153564C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\webio.dll131c8cae-b12a-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:51:24 PM) (Source: Application Error)(User: )
Description: install_flashplayer12x32_mssd_aaa_aih.exe3.3.9.051c7f3cdwebio.dll6.3.9600.1638452157b23c00004090001fe8e13fc01cf45368ee50699D:\User1\Downloads\install_flashplayer12x32_mssd_aaa_aih.exeC:\Windows\SYSTEM32\webio.dllcca133bd-b129-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:51:19 PM) (Source: Application Error)(User: )
Description: install_flashplayer12x32_mssd_aaa_aih.exe3.3.9.051c7f3cdwebio.dll6.3.9600.1638452157b23c00004090001fe8e16bc01cf45368c0d71a5D:\User1\Downloads\install_flashplayer12x32_mssd_aaa_aih.exeC:\Windows\SYSTEM32\webio.dllc9c8d974-b129-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:51:16 PM) (Source: Application Error)(User: )
Description: install_flashplayer12x32_mssd_aaa_aih.exe3.3.9.051c7f3cdwebio.dll6.3.9600.1638452157b23c00004090001fe8e2d401cf45368a0fec5bD:\User1\Downloads\install_flashplayer12x32_mssd_aaa_aih.exeC:\Windows\SYSTEM32\webio.dllc7cb565c-b129-11e3-8283-b8ac6f808983

Error: (03/21/2014 07:50:50 PM) (Source: Application Error)(User: )
Description: install_flashplayer12x32_mssd_aaa_aih.exe3.3.9.051c7f3cdwebio.dll6.3.9600.1638452157b23c00004090001fe8e124801cf45367a89ff19D:\User1\Downloads\install_flashplayer12x32_mssd_aaa_aih.exeC:\Windows\SYSTEM32\webio.dllb8489b34-b129-11e3-8283-b8ac6f808983

CodeIntegrity Errors:
===================================
Date: 2014-03-21 20:16:15.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-21 20:07:44.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-21 19:42:27.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-21 19:33:56.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-21 19:26:02.765
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-21 19:05:32.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-21 18:58:09.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-19 00:00:40.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-18 22:49:38.851
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-18 22:05:35.777
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 12285.58 MB
Available physical RAM: 9639.85 MB
Total Pagefile: 14141.58 MB
Available Pagefile: 10996.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Win 8) (Fixed) (Total:150 GB) (Free:92.7 GB) NTFS
Drive d: (Data) (Fixed) (Total:150 GB) (Free:117.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6DC36E9C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=165 GB) - (Type=OF Extended)

==================== End Of Log ============================

Skipped, since I cannot disconnect the computer from the Internet. (Sorry!)

Step 4: Avira has not found any virus so far, so there are no log files.

Many thanks in advance. I have often followed along here and seen how well others have been helped.