Log analysis and evaluation: Windows Firewall does not start - error code 0x8007042c
Windows 7

#1
Windows Firewall does not start - error code 0x8007042c

Windows Firewall can no longer be started and returns the error message 0x8007042c. In addition, no network connection is possible any more, and in the virus scanner the scanners for browser and e-mail can no longer be activated. The computer crashes sporadically, sometimes with a bluescreen. The instructions on the Microsoft support page for the Windows error mentioned were carried out, but without success. The virus scanner (Avira Professional) finds nothing unusual (virus signatures as of today). The computer is used for self-employed work, but there is no access to administrators / specialists. The log files follow below. Many thanks in advance for your help!

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by admin (administrator) on CELSIUS on 23-12-2014 16:21:12
Running from J:\
Loaded Profile: admin (Available profiles: admin & rita)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
(SDL) C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe [2254120 2008-12-05] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDL MultiTerm 2009 Widget.lnk
ShortcutTarget: SDL MultiTerm 2009 Widget.lnk -> C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe (SDL)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> DefaultScope {9D611CC1-BF87-4975-A792-9B888D8F2E85} URL =
SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {4765B790-C12B-4C26-90E7-DF72B6A53221} URL =
SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {9D611CC1-BF87-4975-A792-9B888D8F2E85} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.1.7/AxViewer/AxMediaControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.22

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4cpzx6k.default
FF Homepage: hxxp://www.startfenster.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2011-12-20] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 16:18 - 2014-12-23 16:18 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-12-23 15:05 - 2014-12-23 16:21 - 00000000 ____D () C:\FRST
2014-12-23 14:36 - 2014-12-23 14:35 - 00000402 _____ () C:\Users\admin\Desktop\repair.bat
2014-12-23 14:01 - 2014-12-23 14:01 - 00002000 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira
2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-23 14:01 - 2014-11-24 10:30 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-23 13:47 - 2014-12-23 13:47 - 00000000 ____D () C:\Intel19.5
2014-12-23 12:50 - 2014-12-23 12:50 - 00000000 ____D () C:\Program Files\Intel
2014-12-23 12:50 - 2014-09-23 15:07 - 00001904 ____N () C:\Windows\system32\SetupBD.din
2014-12-23 12:49 - 2014-09-23 15:15 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2014-12-11 20:02 - 2014-12-11 20:02 - 00021904 _____ () C:\Users\rita\.recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 16:18 - 2011-03-08 21:17 - 00000000 ____D () C:\Users\admin
2014-12-23 16:03 - 2013-06-01 18:10 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 16:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 16:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 15:57 - 2011-03-09 03:52 - 01372965 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 15:56 - 2010-04-26 14:06 - 00728516 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 15:56 - 2010-04-26 14:06 - 00158608 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 15:56 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 15:52 - 2013-06-01 18:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 15:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 15:51 - 2009-07-14 05:51 - 00220968 _____ () C:\Windows\setupact.log
2014-12-23 15:29 - 2011-03-09 18:01 - 00692392 _____ () C:\Windows\PFRO.log
2014-12-23 14:26 - 2012-08-14 12:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 14:01 - 2011-03-13 14:03 - 00000000 ____D () C:\ProgramData\Avira
2014-12-23 13:35 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-15 19:00 - 2013-12-14 20:53 - 00000978 _____ () C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job
2014-12-15 17:54 - 2012-07-17 16:46 - 00000704 _____ () C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job
2014-12-14 09:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 20:02 - 2011-10-18 18:30 - 00000000 ____D () C:\Users\rita\AppData\Roaming\gtk-2.0
2014-12-11 20:02 - 2011-10-18 18:28 - 00000000 ____D () C:\Users\rita\.gimp-2.6
2014-12-11 20:02 - 2011-03-13 14:21 - 00000000 ____D () C:\Users\rita
2014-12-08 23:17 - 2011-03-08 21:19 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2014-12-01 18:00 - 2013-12-14 20:02 - 00000954 _____ () C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\6h7iqqvn.dll
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\drxviogi.dll
C:\Users\admin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 16:46

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by admin at 2014-12-23 16:21:27
Running from J:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABUS IP-Installer (HKLM-x32\...\{DAA8FDCE-EB1A-4332-818C-43C6E738CEB4}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
ABUS VMS Express (x64) (HKLM\...\{0B2917EB-936C-46B7-AD30-C1934658095A}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe FrameMaker v7.1 (HKLM-x32\...\Adobe FrameMaker 7.1) (Version: 7.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50907 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D091F65F-BBB7-D8BB-7E7E-024BDA4058C5}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gamma Scout Toolbox (HKLM-x32\...\{4F48CD95-B2B4-4532-B6E9-5055277B95BA}) (Version: 1.0.0 - GammaScout)
GetFoldersize 2.5.10 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.10 - Michael Thummerer Software Design)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{fa628712-09e0-451c-a751-fe8e91b07cdd}) (Version: - Nero AG)
Nero BackItUp 4 Essentials (HKLM-x32\...\{0c44f617-a587-4822-83c0-29391f0899af}) (Version: - Nero AG)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Personal Backup 5.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
QuarkXPress (HKLM-x32\...\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}) (Version: 8.10.0000 - Quark Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAIDar 4.3.4 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.4 - Netgear Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
SDL MultiTerm 2009 Convert (HKLM-x32\...\{7D860239-2378-4A9B-8F4E-6E06F2029B5E}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Core SP4 (HKLM-x32\...\{5B2C86E5-EF04-47A7-BCF7-9DDA6456A43F}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Desktop (HKLM-x32\...\{A1CC3003-50E3-4EBA-965A-377250B576BF}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Extract (HKLM-x32\...\{CEC855A6-82CC-4EDA-9A2C-AF5CB8BB931A}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Widget (HKLM-x32\...\{2FCA4642-B4C8-444D-B43D-CE24C555C61B}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Word Integration (HKLM-x32\...\{9E82F52F-D918-4EF0-A1EE-956A6360E44D}) (Version: 8.6.339 - SDL)
SDL MultiTerm Side By Side Tools (HKLM-x32\...\{3F337F82-AA02-42CF-9B90-3AECAD87388B}) (Version: 8.6.339 - SDL)
SDL Passolo 2009 Essential SR3 (HKLM-x32\...\SDL Passolo 2009 Essential SR3) (Version: SDL Passolo 2009 Essential SR3 - SDL Passolo GmbH)
SDL Trados Studio 2009 SP3 (HKLM-x32\...\{399F2130-59E1-11DF-9F46-8091DFD72085}) (Version: 1.3.2307.0 - SDL)
SEH InterCon-NetTool 1.8.43 (HKLM-x32\...\InterCon-NetTool) (Version: 1.8.43 - SEH Computertechnik GmbH)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SystemDiagnostics (HKLM-x32\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19AF83E4-A482-45F6-91BB-4AABA36B83A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {227C66AD-4250-4823-8466-ECC7D22331AA} - System32\Tasks\Paragon Archive name diff_141213195248161 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {31707073-25B6-4FF4-94F9-0038E146C164} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {3FBF02EF-53EC-467A-9264-6B112C413A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {42B724DF-FCFB-4C4B-BBCB-D5B4C1A5BC08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {B591FD95-DCAC-446E-85F7-C6300778FE95} - System32\Tasks\Fujitsu\DeskUpdateRetry => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {B6FC70DB-AE8A-4144-96C3-9DDF75FB150D} - System32\Tasks\Paragon Archive name arc_141213185517937 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {C794EA5A-19CB-47A1-9A80-4B23C2BEE07D} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {E4C88E8D-DE00-481D-AD4A-760726D07E15} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {FB46ADD1-4289-4E42-996D-E93EFA5732D3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job => C:\Program Files 
(x86)\Nero\Nero BackItUp 4\BackItUp.exe Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe Task: C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2011-03-21 21:16 - 2011-03-21 21:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-11-26 12:25 - 2010-11-26 12:25 - 01423360 _____ () C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\Sdl.Core.Licensing.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== admin (S-1-5-21-173040323-2897980119-3820871240-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-173040323-2897980119-3820871240-500 - Administrator - Disabled) Gast (S-1-5-21-173040323-2897980119-3820871240-501 - Limited - Disabled) rita (S-1-5-21-173040323-2897980119-3820871240-1001 - Limited - Enabled) => C:\Users\rita ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/23/2014 04:01:53 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT) Description: Das Update von CELSIUS (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten.. Es wurden keine neuen Dateien geladen. Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/23/2014 03:52:03 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Generator wird initialisiert Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {e8b11fbe-4a32-4136-8f3f-7675f49a0ca0} Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/23/2014 03:39:22 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Generator wird initialisiert Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {03ad7ce9-47b2-4318-b086-caab98e01e02} Error: (12/23/2014 03:33:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Generator wird initialisiert Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7d1c83c0-8f7e-43d2-bf43-2ffe636fae6f} System errors: ============= Error: (12/23/2014 04:18:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741288. 
Error: (12/23/2014 04:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (12/23/2014 04:17:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741288. Error: (12/23/2014 04:17:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (12/23/2014 04:15:12 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (12/23/2014 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet: %%5 Error: (12/23/2014 04:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (12/23/2014 04:06:41 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT-AUTORITÄT) Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0. Error: (12/23/2014 04:06:41 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT-AUTORITÄT) Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5. 
Error: (12/23/2014 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet: %%5 Microsoft Office Sessions: ========================= Error: (12/23/2014 04:01:53 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT) Description: CELSIUS (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten. Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/23/2014 03:52:03 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert Vorgang: Generator wird initialisiert Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {e8b11fbe-4a32-4136-8f3f-7675f49a0ca0} Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/23/2014 03:39:22 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert Vorgang: Generator wird initialisiert Kontext: 
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {03ad7ce9-47b2-4318-b086-caab98e01e02} Error: (12/23/2014 03:33:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert Vorgang: Generator wird initialisiert Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7d1c83c0-8f7e-43d2-bf43-2ffe636fae6f} ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz Percentage of memory in use: 15% Total physical RAM: 12223.61 MB Available physical RAM: 10355.5 MB Total Pagefile: 24445.4 MB Available Pagefile: 22293.92 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:64.65 GB) (Free:10.45 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive i: (Daten) (Fixed) (Total:399.1 GB) (Free:337.54 GB) NTFS Drive j: (USB-STICK) (Removable) (Total:7.34 GB) (Free:7.17 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E760A6D) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=463.8 GB) - (Type=OF Extended) ======================================================== Disk: 5 (Size: 7.4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-12-23 16:51:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... 
* 2 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!free 00000000757e9894 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!malloc 00000000757e9cee 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 00000000757eb0b9 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 00000000757eb0c9 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!realloc 00000000757eb10d 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!calloc 00000000757ec456 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_msize 00000000757ef43b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000075805942 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 000000007581028d 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000758102a9 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000007583bfd1 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL\SDL 
MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 000000007583bfe1 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 000000007583c16b 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_expand 000000007583c18a 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapadd 000000007583dd03 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapchk 000000007583dd17 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 000000007583de16 4 bytes {JMP 0xffffffff950fe43b} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapmin 000000007583de1f 5 bytes JMP 000000010a93c320 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapused 000000007583df05 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapwalk 000000007583df18 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000072d51073 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] 
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!free 0000000072d54b6c 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!malloc 0000000072d54d09 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!calloc 0000000072d54f58 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!realloc 0000000072d54f97 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_msize 0000000072d56c6b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??2@YAPAXI@Z 0000000072d80e13 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??3@YAXPAX@Z + 1 0000000072d80e7e 4 bytes {JMP 0xffffffff97bbb323} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_malloc 0000000072d80e8c 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] 
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_free 0000000072d80f77 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_malloc 0000000072d80f8c 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_realloc 0000000072d80f9f 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_realloc 0000000072d81196 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_expand 0000000072d811c8 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapadd 0000000072d81364 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapchk 0000000072d81373 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapset + 1 0000000072d8143b 9 bytes {JMP 0xffffffff97bbae16} .text C:\Program Files (x86)\SDL\SDL 
MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapused 0000000072d814ee 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapwalk 0000000072d814fc 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000073301b31 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!free 0000000073343b4e 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!calloc 0000000073343c40 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!malloc 0000000073343d3f 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??2@YAPAXI@Z 0000000073343e99 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??3@YAXPAX@Z 0000000073343f03 5 bytes JMP 000000010a93c1a0 .text C:\Program Files 
(x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_malloc 0000000073343f33 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_free 0000000073344040 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_malloc 000000007334405f 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_realloc 000000007334407b 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_realloc 0000000073344288 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_expand 000000007334434d 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapadd 0000000073345e88 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapchk 0000000073345e9c 5 bytes JMP 
000000010a93c230 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapset + 1 0000000073345f69 4 bytes {JMP 0xffffffff975f62e8} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapmin 0000000073345f72 5 bytes JMP 000000010a93c320 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapused 0000000073346026 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapwalk 0000000073346039 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_msize 000000007334619b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!realloc 0000000073346415 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75] .text ... * 2 ---- EOF - GMER 2.1 ----