Log analysis and evaluation: Spybot scans cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... but removes nothing
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. In order to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Spybot scans cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... but removes nothing

Dear Trojaner-Board team,

Spybot hung on one file for a long time, so I watched it and wrote down everything that looked strange to me, and googled some of it: win32.agent.dll, win32.tdss, win32.rootkit.gen, cnnt.searchbar, virtumonde (dll and sci), win32.gbdialer, fraud.sysguard, mypoints, cydoor, eblaster, win32.eyeon.ie, search.centrix, pornbho.ru, win32.smallbke, ... and those are only my random observations!!

First, a question of understanding: are the things Spybot scans (e.g. win32.eyeon) already on my laptop, or is it checking my laptop to see WHETHER these things are on it?

- No matter how often I run Spybot, it always finds the same 3-4 problems:

SPYBOT S&D Code:
[i] 15-01-27 17:58:17
[i] 15-01-27 17:58:17 Product MS Direct3D
[+] 15-01-27 17:58:17 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-27 17:58:17 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[i] 15-01-27 17:58:17
[i] 15-01-27 17:58:17 Product MS DirectDraw
[+] 15-01-27 17:58:17 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 15-01-27 17:58:17 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 15-01-27 17:58:17
[i] 15-01-27 17:58:17 Product MS Wordpad
[+] 15-01-27 17:58:17 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[+] 15-01-27 17:58:18 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 15-01-27 17:58:18
[i] 15-01-27 17:58:18 Product Windows
[+] 15-01-27 17:58:18 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-27 17:58:18 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-27 17:58:18 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-27 17:58:18 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 15-01-27 17:58:18
[i] 15-01-27 17:58:18 Product Cookie
[+] 15-01-27 17:58:18 Moving into quarantine Internet Explorer (Benutzer) (ML)Cookies
[+] 15-01-27 17:58:18 Successfully cleaned Internet Explorer (Benutzer) (ML)Cookies
[i] 15-01-27 17:58:18
[i] 15-01-27 17:58:18 Product Cache
[+] 15-01-27 17:58:18 Moving into quarantine Internet Explorer (Benutzer) (ML)Cache
[+] 15-01-27 17:58:19 Successfully cleaned Internet Explorer (Benutzer) (ML)Cache
[i] 15-01-27 17:58:19
[i] 15-01-27 17:58:19 Product Verlauf
[+] 15-01-27 17:58:19 Moving into quarantine Internet Explorer (Benutzer) (ML)History
[+] 15-01-27 17:58:19 Successfully cleaned Internet Explorer (Benutzer) (ML)History
[i] 15-01-27 17:58:19
[i] 15-01-27 17:58:19 Summary
[i] 15-01-27 17:58:19 Errors while cleaning 0
[i] 15-01-27 17:58:19 Files moved into quarantine 8
[i] 15-01-27 17:58:19 Files successfully cleaned 8

Code:
ATTFilter Search results from Spybot - Search & Destroy 27.01.2015 17:47:44 Scan took 01:19:59. 8 items found. MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (95) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done) --- Spybot - Search & Destroy version: 2.3.39.131 DLL (build: 20140425) --- 2014-04-25 blindman.exe (2.3.39.151) 2014-04-25 explorer.exe (2.3.39.181) 2014-04-25 SDBootCD.exe (2.3.39.109) 2014-04-25 SDCleaner.exe (2.3.39.110) 2014-04-25 SDDelFile.exe (2.3.39.94) 2013-06-18 SDDisableProxy.exe 2014-04-25 SDFiles.exe (2.3.39.135) 2013-03-20 SDFileScanHelper.exe (2.1.16.1) 2014-04-25 SDFSSvc.exe (2.3.39.217) 2014-04-25 SDHelp.exe (2.3.39.1) 2014-04-25 SDHookHelper.exe (2.3.39.2) 2014-04-25 SDHookInst32.exe (2.3.39.2) 2014-04-25 SDHookInst64.exe (2.3.39.2) 2014-04-25 SDImmunize.exe (2.3.39.130) 2014-12-17 SDInformV2i-20141217.exe (1.0.0.0) 2014-04-25 SDLogReport.exe (2.3.39.107) 2014-04-25 SDOnAccess.exe (2.3.39.11) 2014-04-25 SDPESetup.exe 
(2.3.39.3) 2014-04-25 SDPEStart.exe (2.3.39.86) 2014-04-25 SDPhoneScan.exe (2.3.39.28) 2014-04-25 SDPRE.exe (2.3.39.22) 2014-04-25 SDPrepPos.exe (2.3.39.15) 2014-04-25 SDQuarantine.exe (2.3.39.103) 2014-04-25 SDRootAlyzer.exe (2.3.39.116) 2014-04-25 SDSBIEdit.exe (2.3.39.39) 2014-04-25 SDScan.exe (2.3.39.181) 2014-04-25 SDScript.exe (2.3.39.54) 2014-04-25 SDSettings.exe (2.3.39.139) 2014-04-25 SDShell.exe (2.3.39.2) 2014-04-25 SDShred.exe (2.3.39.108) 2014-04-25 SDSysRepair.exe (2.3.39.102) 2014-04-25 SDTools.exe (2.3.39.157) 2014-04-25 SDTray.exe (2.3.39.129) 2014-04-25 SDUpdate.exe (2.3.39.94) 2014-04-25 SDUpdSvc.exe (2.3.39.77) 2014-04-25 SDWelcome.exe (2.3.39.130) 2014-04-25 SDWSCSvc.exe (2.3.39.2) 2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0) 2014-07-28 spybotsd2-translation-es.exe (2.4.40.0) 2014-07-31 spybotsd2-translation-esx.exe 2013-06-19 spybotsd2-translation-frx.exe 2014-08-25 spybotsd2-translation-hux2.exe 2014-10-01 spybotsd2-translation-nlx2.exe 2014-11-05 spybotsd2-translation-ukx.exe 2014-05-29 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2014-04-25 NotificationSpreader.dll 2014-04-25 SDAdvancedCheckLibrary.dll (2.3.39.98) 2014-04-25 SDAV.dll 2014-04-25 SDECon32.dll (2.3.39.114) 2014-04-25 SDECon64.dll (2.3.39.113) 2014-04-25 SDEvents.dll (2.3.39.2) 2014-04-25 SDFileScanLibrary.dll (2.3.39.14) 2014-04-25 SDHook32.dll (2.3.39.2) 2014-04-25 SDHook64.dll (2.3.39.2) 2014-04-25 SDImmunizeLibrary.dll (2.3.39.2) 2014-04-25 SDLicense.dll (2.3.39.0) 2014-04-25 SDLists.dll (2.3.39.4) 2014-04-25 SDResources.dll (2.3.39.7) 2014-04-25 SDScanLibrary.dll (2.3.39.131) 2014-04-25 SDTasks.dll (2.3.39.15) 2013-12-19 SDWinLogon.dll (2.3.37.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2014-04-25 Tools.dll (2.3.39.36) 2014-03-05 Includes\Adware-000.sbi (*) 2014-01-08 Includes\Adware-001.sbi (*) 
2015-01-21 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2014-11-14 Includes\Dialer-000.sbi (*) 2014-11-14 Includes\Dialer-001.sbi (*) 2014-01-08 Includes\Dialer-C.sbi (*) 2014-01-13 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2014-01-09 Includes\Fraud-000.sbi (*) 2014-01-09 Includes\Fraud-001.sbi (*) 2014-03-31 Includes\Fraud-002.sbi (*) 2014-01-09 Includes\Fraud-003.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2014-11-14 Includes\Hijackers-000.sbi (*) 2014-11-14 Includes\Hijackers-001.sbi (*) 2014-01-08 Includes\Hijackers-C.sbi (*) 2014-01-13 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2014-11-14 Includes\Keyloggers-000.sbi (*) 2014-09-24 Includes\Keyloggers-C.sbi (*) 2014-01-13 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2014-11-14 Includes\Malware-000.sbi (*) 2014-11-14 Includes\Malware-001.sbi (*) 2014-11-14 Includes\Malware-002.sbi (*) 2014-11-14 Includes\Malware-003.sbi (*) 2014-11-14 Includes\Malware-004.sbi (*) 2014-11-14 Includes\Malware-005.sbi (*) 2014-02-26 Includes\Malware-006.sbi (*) 2014-01-09 Includes\Malware-007.sbi (*) 2015-01-06 Includes\Malware-C.sbi (*) 2014-01-13 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2014-11-14 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2015-01-21 Includes\PUPS-C.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2014-01-07 Includes\PUPSC.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2014-01-08 Includes\Security-C.sbi (*) 2014-01-21 Includes\Security.sbi (*) 2014-01-21 Includes\SecurityC.sbi (*) 2014-11-14 Includes\Spyware-000.sbi (*) 2014-12-10 Includes\Spyware-001.sbi (*) 2015-01-14 Includes\Spyware-C.sbi (*) 2014-01-21 Includes\Spyware.sbi (*) 2014-01-21 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 
Includes\Tracks.uti (*) 2014-01-15 Includes\Trojans-000.sbi (*) 2014-01-15 Includes\Trojans-001.sbi (*) 2014-11-14 Includes\Trojans-002.sbi (*) 2014-01-15 Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-03-19 Includes\Trojans-005.sbi (*) 2014-07-09 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-07-09 Includes\Trojans-008.sbi (*) 2014-07-09 Includes\Trojans-009.sbi (*) 2015-01-21 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 Includes\Trojans-ZB-000.sbi (*) 2014-01-15 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-16 Includes\TrojansC-01.sbi (*) 2014-01-16 Includes\TrojansC-02.sbi (*) 2014-01-16 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-16 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*)

- Although I have set Firefox to show the tabs from the last session, they have not appeared since yesterday.
- In the Firefox menu bar (i.e. to the right of the search box) there has been a grey box with a black K ("virtual keyboard") since today.
- It is hard to judge whether the laptop has become slower, particularly when loading pages; I share the WLAN with my neighbours and the connection is usually slow.

Here are the requested log files:

defogger (this is not complete, is it?) Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 27/01/2015 (ML)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST64 Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by ML (administrator) on ML-PC on 27-01-2015 17:44:30 Running from C:\Users\ML\Downloads Loaded Profiles: ML (Available profiles: ML) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-04-26] (Dell Inc.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2004147135-30526615-2880431150-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2004147135-30526615-2880431150-1000\...\MountPoints2: {384f35d5-699e-11e2-b73a-ecc8e1959e2f} - F:\LaunchU3.exe Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-2004147135-30526615-2880431150-1000] => localhost:8080 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 
15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default FF DefaultSearchEngine: Ecosia FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\user.js FF SearchPlugin: C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\searchplugins\ecosia.xml FF Extension: {040730a2-de14-41eb-81bc-b624bacdc69b} - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{040730a2-de14-41eb-81bc-b624bacdc69b}.xpi [2014-12-07] FF Extension: Adblock Plus - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-02-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-26] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-26] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-26] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - 
https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-01-29] (Conexant Systems, Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-12] (Synaptics Incorporated) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-26] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-05] (Broadcom Corporation.) 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-26] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-26] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-26] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 17:44 - 2015-01-27 17:46 - 00017408 _____ () C:\Users\ML\Downloads\FRST.txt
2015-01-27 17:44 - 2015-01-27 17:44 - 00000000 ____D () C:\FRST
2015-01-27 15:24 - 2015-01-27 17:30 - 00000000 ____D () C:\Users\ML\Documents\Daten Probat
2015-01-27 14:29 - 2015-01-27 14:29 - 00000064 _____ () C:\Users\ML\Documents\ProBat43.laccdb
2015-01-27 13:02 - 2015-01-27 13:02 - 00000056 _____ () C:\Windows\setupact.log
2015-01-27 13:02 - 2015-01-27 13:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 13:01 - 2015-01-27 13:04 - 00492416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 13:01 - 2015-01-27 13:01 - 00001608 _____ () C:\Windows\PFRO.log
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-01-26 21:14 - 2015-01-26 21:13 - 00002053 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-01-26 21:12 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-26 21:11 - 2015-01-27 17:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-26 21:11 - 2015-01-26 21:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-26 21:11 - 2015-01-26 21:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-26 21:10 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-26 21:09 - 2015-01-26 21:10 - 02129920 _____ (Farbar) C:\Users\ML\Downloads\FRST64.exe
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 __SHD () C:\Users\ML\AppData\Local\EmieBrowserModeList
2015-01-26 20:37 - 2015-01-26 20:53 - 202843712 _____ (Kaspersky Lab) C:\Users\ML\Downloads\kts15.0.1.415en.exe
2015-01-26 20:09 - 2015-01-26 20:09 - 00145064 _____ () C:\Users\ML\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-26 20:03 - 2015-01-27 17:45 - 00000466 _____ () C:\Users\ML\Downloads\defogger_disable.log
2015-01-26 20:03 - 2015-01-26 20:03 - 00050477 _____ () C:\Users\ML\Downloads\Defogger.exe
2015-01-26 20:03 - 2015-01-26 20:03 - 00000000 _____ () C:\Users\ML\defogger_reenable
2015-01-26 17:43 - 2015-01-26 17:43 - 00000000 ____D () C:\Users\ML\AppData\Roaming\Safer Networking
2015-01-26 17:29 - 2015-01-26 17:30 - 37987520 _____ (Microsoft Corporation) C:\Users\ML\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-26 16:36 - 2015-01-26 16:37 - 00000796 _____ () C:\Users\ML\Documents\cc_cleaner änderung registry.reg
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 14:23 - 2015-01-26 14:23 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 14:23 - 2015-01-26 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 14:15 - 2015-01-26 14:19 - 05325808 _____ (Piriform Ltd) C:\Users\ML\Downloads\ccsetup502pro.exe
2015-01-26 14:04 - 2015-01-26 16:38 - 00000000 ____D () C:\AdwCleaner
2015-01-26 14:03 - 2015-01-26 14:03 - 02186752 _____ () C:\Users\ML\Downloads\adwcleaner_4.108.exe
2015-01-26 00:01 - 2015-01-27 15:45 - 225009664 _____ () C:\Users\ML\Documents\ProBat43.accdb
2015-01-25 23:48 - 2015-01-25 23:50 - 07406326 _____ () C:\Users\ML\Documents\ProBat43-Beispieldatensatz.zip
2015-01-25 23:48 - 2015-01-25 23:49 - 03355646 _____ () C:\Users\ML\Documents\ProBat43_und_Begleitdokumente.zip
2015-01-25 00:47 - 2015-01-25 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Brighton
2015-01-25 00:38 - 2015-01-25 00:47 - 00000000 ____D () C:\Program Files\QGIS Brighton
2015-01-21 18:06 - 2015-01-21 18:06 - 00010495 _____ () C:\Users\ML\Downloads\MaLa_elster_21.01.2015.pfx
2015-01-20 22:47 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150120-224724.backup
2015-01-20 16:47 - 2015-01-27 13:48 - 00000000 ____D () C:\Users\ML\Documents\BatExplorer
2015-01-20 16:41 - 2015-01-20 16:48 - 00000000 ____D () C:\Users\ML\AppData\Local\GMap.NET
2015-01-20 16:41 - 2015-01-20 16:41 - 00000000 ____D () C:\Users\ML\AppData\Local\Elekon_AG
2015-01-20 16:40 - 2015-01-20 16:49 - 00001006 _____ () C:\Users\Public\Desktop\BatExplorer.lnk
2015-01-20 16:40 - 2015-01-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatExplorer
2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Users\Public\Documents\BatExplorer
2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Program Files\Elekon AG
2015-01-18 12:13 - 2015-01-24 18:22 - 00000000 ____D () C:\ArGis Daten
2015-01-17 21:39 - 2015-01-17 21:39 - 00007597 _____ () C:\Users\ML\AppData\Local\Resmon.ResmonCfg
2015-01-17 12:30 - 2015-01-17 12:30 - 00006324 _____ () C:\Users\ML\UStVA2014_09_September_.elfo
2015-01-17 12:29 - 2015-01-17 12:29 - 00006324 _____ () C:\Users\ML\UStVA2014_08_August_.elfo
2015-01-17 12:27 - 2015-01-17 12:27 - 00006324 _____ () C:\Users\ML\UStVA2014_07_Juli_.elfo
2015-01-17 12:24 - 2015-01-25 15:52 - 00024612 _____ () C:\Users\ML\UStVA2014_06_Juni_.elfo
2015-01-15 16:15 - 2015-01-21 18:11 - 00022260 _____ () C:\Users\ML\UStVA2014_05_Mai_.elfo
2015-01-14 17:07 - 2015-01-14 17:07 - 00006068 _____ () C:\Users\ML\UStVA2014_12_Dezember_.elfo
2015-01-14 16:56 - 2015-01-14 16:56 - 00006180 _____ () C:\Users\ML\UStVA2014_11_November_r.elfo
2015-01-14 13:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 13:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 13:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 13:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 13:59 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 13:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:37 - 2015-01-14 14:33 - 00000000 ____D () C:\Users\ML\AppData\Local\.elfohilfe
2015-01-13 20:36 - 2015-01-13 20:36 - 00000000 ____D () C:\Users\ML\AppData\Roaming\elsterformular
2015-01-13 20:34 - 2015-01-13 20:34 - 00001464 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-01-13 20:34 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-01-13 20:34 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\elsterformular
2015-01-13 20:33 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-13 20:31 - 2015-01-13 20:31 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-13 19:17 - 2015-01-13 20:00 - 215975048 _____ (Landesfinanzdirektion Thüringen) C:\Users\ML\Downloads\ElsterFormular-16.0.20150113k.exe
2015-01-01 22:00 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150101-220031.backup
2015-01-01 21:59 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150101-215937.backup

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 17:36 - 2014-07-05 20:19 - 00000000 ____D () C:\Users\ML\AppData\Roaming\vlc
2015-01-27 17:35 - 2013-06-17 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 14:22 - 2013-01-28 23:44 - 00000000 ____D () C:\Users\ML
2015-01-27 13:12 - 2009-07-14 05:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 13:12 - 2009-07-14 05:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 13:05 - 2014-07-30 21:39 - 00000000 ____D () C:\ProgramData\Validity
2015-01-27 13:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 12:57 - 2013-01-28 22:00 - 01695736 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 22:47 - 2013-01-29 00:14 - 00000000 ____D () C:\Users\ML\AppData\Local\Microsoft Help
2015-01-26 21:35 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-26 21:35 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-26 21:34 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-26 19:27 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 19:27 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 19:27 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 16:44 - 2013-08-14 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-26 16:28 - 2013-01-28 21:50 - 00000000 ____D () C:\Windows\Panther
2015-01-25 00:35 - 2013-06-17 18:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 00:35 - 2013-02-02 21:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 00:35 - 2013-02-02 21:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 22:20 - 2013-02-16 13:07 - 00000000 ____D () C:\Users\ML\AppData\Local\ESRI
2015-01-20 10:20 - 2014-01-02 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 14:24 - 2013-01-28 23:44 - 00001377 _____ () C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-08 09:55 - 2013-12-18 16:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:22 - 2013-06-15 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 13:12 - 2013-02-23 16:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-30 20:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 20:56 - 2014-05-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

==================== Files in the root of some directories =======

2015-01-17 21:39 - 2015-01-17 21:39 - 0007597 _____ () C:\Users\ML\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\ML\AppData\Local\Temp\avgnt.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 14:12

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by ML at 2015-01-27 17:46:56
Running from C:\Users\ML\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Any DWG DXF Converter 2010 (HKLM-x32\...\Any DWG DXF Converter_is1) (Version: - AnyDWG Software, Inc.)
BatExplorer Version 1.10.4.0 (HKLM\...\{F9D54139-4C52-4E35-A95B-621D129BB44F}_is1) (Version: 1.10.4.0 - Elekon AG)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.30.0 - Conexant)
Dell Touchpad (HKLM\...\Elantech) (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Der große Kosmos Vogelatlas 5.0 (HKLM-x32\...\InstallShield_{E199B811-85B4-4A59-81E2-39DBF0A8DBE9}) (Version: 1.00.0000 - Kosmos)
Der große Kosmos Vogelatlas 5.0 (x32 Version: 1.00.0000 - Kosmos) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version: - )
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Kosmos Wald- und Forstlexikon (HKLM-x32\...\InstallShield_{A3B635AA-4BBD-4F25-8DCE-6C74F9A9AD19}) (Version: 1.00.0000 - Kosmos)
Kosmos Wald- und Forstlexikon (x32 Version: 1.00.0000 - Kosmos) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QGIS Brighton 2.6.1 Brighton (HKLM\...\QGIS Brighton) (Version: - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.010 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39019 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SPSS 14.0 for Windows Evaluation Version (HKLM-x32\...\{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}) (Version: 14.0.0 - SPSS Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-01-2015 01:08:48 Windows Update
26-01-2015 16:31:04 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-07-30 21:23 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {47A47B17-293D-4285-BC90-60DEFDD499FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {507D391C-7D9D-45EC-AF7E-29EE845D4C9C} - System32\Tasks\{553ED9C7-C4D5-42B7-AD58-8EEB15AFF844} => pcalua.exe -a D:\Maike\treiber\iMEI_Intel_W7_A00_Setup-TDR8M_ZPE.exe -d D:\Maike\treiber
Task: {577805AA-8297-43B9-AB2E-83A8BAC63B89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5E1C94DA-CE5C-4267-A71F-D3F183C7CA78} - System32\Tasks\{2F61C482-6E1F-4420-B3BB-65743205E0D8} => pcalua.exe -a D:\Maike\treiber\Chipset_Intel_W7_A00_Setup-2D89J_ZPE.exe -d D:\Maike\treiber
Task: {65C666EC-3656-4D27-8419-1746CE8D9BD0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FA72952-CB0F-4AF5-AE90-7680EF490EB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B2CF60AD-C035-4A73-B986-50861EF70787} - System32\Tasks\{F21D3013-C183-4D4C-9AE5-8E743C23C881} => pcalua.exe -a D:\Maike\treiber\DW1703_W7_A01_Setup-5W54C_ZPE.exe -d D:\Maike\treiber
Task: {D37DBC98-EDD5-497C-9B9F-9E2121390C77} - System32\Tasks\{EB6D32C3-1DA8-497E-9A81-9EB735D89A7D} => pcalua.exe -a D:\Maike\Forstlexikon\Setup\AIMSetup.exe -d D:\Maike\Forstlexikon\Setup
Task: {DEB681C3-1A8C-492C-8524-CE06D25BE34A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E9A90CB6-2A8C-4F5A-B49C-2E92CED6FADE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-02 09:51 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-06-02 09:51 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-29 12:12 - 2012-04-05 14:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-06 14:18 - 2015-01-06 14:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2014-05-29 11:12 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-29 11:12 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-29 11:12 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-29 11:12 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-29 11:12 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-29 12:16 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-02 15:59 - 2015-01-20 10:20 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-30 17:12 - 2015-01-26 21:34 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2015-01-26 21:34 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-30 17:12 - 2015-01-26 21:34 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-05-29 11:12 - 2014-04-25 13:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2013-02-09 22:50 - 2013-02-09 22:50 - 03719680 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Citavi Picker\CitaviPicker.api
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ML^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2004147135-30526615-2880431150-500 - Administrator - Disabled)
Gast (S-1-5-21-2004147135-30526615-2880431150-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2004147135-30526615-2880431150-1002 - Limited - Enabled)
ML (S-1-5-21-2004147135-30526615-2880431150-1000 - Administrator - Enabled) => C:\Users\ML

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <4, 0xc0041800, Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (5332) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (5332) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (01/27/2015 02:05:45 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <4, 0xc0041800, Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

System errors:
=============
Error: (01/27/2015 01:03:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (01/27/2015 01:03:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (01/27/2015 03:22:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 28 Mal passiert.

Error: (01/27/2015 03:22:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.

Error: (01/27/2015 02:05:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 27 Mal passiert.

Error: (01/27/2015 02:05:47 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.

Error: (01/27/2015 01:40:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 26 Mal passiert.

Error: (01/27/2015 01:40:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.

Error: (01/27/2015 01:37:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 25 Mal passiert.

Error: (01/27/2015 01:37:54 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.
Microsoft Office Sessions:
=========================
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900

Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name25900

Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name17900

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40xc0041800Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700

Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows5332Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log-1811 (0xfffff8ed)

Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows5332Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (01/27/2015 02:05:45 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 40xc0041800Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects CodeIntegrity Errors: =================================== Date: 2014-04-28 19:51:09.812 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-06 14:43:37.106 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-06 12:59:40.029 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-06 12:52:35.689 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-06 12:19:46.780 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-05 23:39:00.972 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-03-05 18:20:45.804 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-05 17:12:20.259 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-27 21:01:31.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-16 13:03:27.295 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz Percentage of memory in use: 76% Total physical RAM: 3969.36 MB Available physical RAM: 941.52 MB Total Pagefile: 7936.9 MB Available Pagefile: 3920.88 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:99.51 GB) (Free:30.14 GB) NTFS Drive d: () (Fixed) (Total:198.18 GB) (Free:27.09 GB) NTFS Drive g: (Toshiba silber) (Fixed) (Total:465.76 GB) (Free:412.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F3928170) Partition 1: (Not Active) - (Size=298 MB) - (Type=DE) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS) 
======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 3D290DB3) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-27 18:23:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ML\AppData\Local\Temp\pxldypoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80002ff3000 19 bytes [A7, F4, 00, 00, 00, 00, 4C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 469 fffff80002ff3015 26 bytes [87, EC, 00, 00, 00, 4C, 89, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077571398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007757143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077571594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007757191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077571bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077571d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077571edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077571fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775727d2 8 bytes {JMP 0x10}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007757282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077572898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077572d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077572d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007757323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000775733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077573a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077573ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077573b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077574190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077574241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000775742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000775743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077574434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000775745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000775746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077574a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077574b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077574c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077574d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077574ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077574ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000775750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000775752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000775753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000775755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000775764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007757668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007757687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000775768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000775768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007757692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077577166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077577dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077577e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000775c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000775c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [956:5312] 000007fef2de2154
Thread C:\Windows\system32\svchost.exe [1156:1736] 000007fef7d0bd70
Thread C:\Windows\system32\svchost.exe [1156:2172] 000007fef5c85170
Thread C:\Windows\system32\svchost.exe [1156:2340] 000007fef7e95124
Thread C:\Windows\system32\WLANExt.exe [1256:1380] 000007fef9dc2f9c
Thread C:\Windows\System32\spoolsv.exe [1420:1996] 000007fef77710c8
Thread C:\Windows\System32\spoolsv.exe [1420:1560] 000007fef6b86144
Thread C:\Windows\System32\spoolsv.exe [1420:2052] 000007fef6b35fd0
Thread C:\Windows\System32\spoolsv.exe [1420:2056] 000007fef7603438
Thread C:\Windows\System32\spoolsv.exe [1420:2060] 000007fef6b363ec
Thread C:\Windows\System32\spoolsv.exe [1420:2068] 000007fef7ca5e5c
Thread C:\Windows\System32\WUDFHost.exe [5008:5240] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5252] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5256] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5308] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5336] 0000000074e73810

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9924326
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9924326 (not active ControlSet)

---- EOF - GMER 2.1 ----

I almost have the feeling that the more programs I download to help me, the more junk I get. With every download I actually read through everything and untick the boxes so that no additional programs get installed alongside - but somehow ..
I'll thank you 1287356423186475231961247517 times in advance for your help. If I have to reinstall the system.. - please break it to me gently. Thanks and kind regards