Win 7 shows Win32/Small.CA virus message
Hello!
First of all, thank you for providing a forum like this!
My problem:
I had not downloaded MyPhoneExplorer from the official page, but from the first one Google showed. (I thought that was the official one...)
After that there were adware problems. I tried to fix this with AdwCleaner. Apparently there is more wrong.
Windows now shows a Win32/Small.CA virus, which Sophos does not detect, however.
I would ask you to take a look at the log files and help me!
Many thanks in advance for your time and effort!
Log files as per the instructions:
defogger_disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:42 on 10/11/2013 (anon)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2013
Ran by anon at 2013-11-10 16:48:10
Running from C:\Users\anon\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8)
A310 DeviceStage 1.0.0.1 (x32 Version: 1.0.0.1)
Acer Bio Protection (x32 Version: 6.2.56)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
ArtRage 2 Starter Edition (x32 Version: 2.6.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 0.0.0.9999)
AVerMedia A310 (MiniCard, DVB-T) 1.1.64.30 (x32 Version: 1.1.64.30)
Bamboo Dock (x32 Version: 3.9)
Bamboo Dock (x32 Version: 4.1.0)
Bamboo Tablets Tutorial (x32 Version: 3.0.20)
BufferChm (x32 Version: 140.0.212.000)
CMake 2.8, a cross-platform, open-source build system (x32 Version: 2.8.10.2)
CodeBlocks (HKCU Version: 10.05)
Copy (x32 Version: 140.0.212.000)
CrypTool 1.4.31 (x32 Version: 1.4.31)
CrypTool 2.0 (Nightly Build 5315.1) (Version: 2.0.5315.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000)
Dropbox (HKCU Version: 2.0.22)
F4500 (x32 Version: 140.0.690.000)
Fingerprint Solution (x32 Version: 6.1.56.0)
Free Studio version 2013 (x32 Version: 6.0.0.128)
GeoGebra 4.2 (x32 Version: 4.2.60.0)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.211.000)
GPL Ghostscript (Version: 9.07)
GPL Ghostscript (x32 Version: 9.05)
GSview 5.0 (Version: 5.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
ITECIR (x32 Version: 1.00.0000)
JabRef 2.9.2 (x32 Version: 2.9.2)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JMicron JMB38X Flash Media Controller (x32 Version: 1.00.12.07)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MiKTeX 2.9 (Version: 2.9)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPhoneExplorer (x32 Version: 1.8.5)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Notepad++ (x32 Version: 6.3)
NVIDIA Drivers (Version: 1.5)
Open Source Computer Vision Library (x32 Version: 2.2.0)
Path Editor (x32 Version: 1.0.0)
PDF Settings CS5 (x32 Version: 10.0)
PDF24 Creator 5.7.0 (x32)
Python 2.7 numpy-1.7.1 (x32)
Python 2.7 scipy-0.12.0 (x32)
Python 2.7.3 (x32 Version: 2.7.3150)
Qt 5.0.2 (HKCU Version: 5.0.2)
R for Windows 2.15.2 (Version: 2.15.2)
Rainmeter (x32 Version: 2.4 r1678)
RemoteComms External Disk Access (x32 Version: 1.25.0003)
RocketDock 1.3.5 (x32)
Samsung SSD Magician (x32 Version: 3.2)
Scan (x32 Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
SiSoftware Sandra Lite 2013.SP1 (Version: 19.23.2013.1)
Skype™ 6.3 (x32 Version: 6.3.105)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.213.000)
Sophos Anti-Virus (x32 Version: 10.3.1)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Status (x32 Version: 140.0.212.000)
Synaptics Pointing Device Driver (Version: 14.0.0.3)
Texmaker (x32)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
TUGZip 3.5 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.5 (Version: 2.0.5)
Wacom (Version: 5.3.2-1)
WebReg (x32 Version: 140.0.212.017)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
WIDCOMM Bluetooth Software (Version: 6.2.0.9700)
==================== Restore Points =========================
21-10-2013 09:39:41 Windows Update
24-10-2013 16:29:41 Installed Java 7 Update 45
25-10-2013 14:46:34 Windows Update
30-10-2013 10:58:08 Windows Update
05-11-2013 10:43:51 Windows Update
08-11-2013 14:01:27 Windows Update
10-11-2013 14:26:04 Installed Network64
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05192D29-CB30-4F7C-8189-D44CE3979EDB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {43A11472-67F6-414E-99AD-CE8131D78AE8} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File
Task: {527B226F-88FC-4B8D-A49B-505FC848222C} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File
Task: {60385086-0C7C-41A6-A47C-A0B80C0E1F03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: {610BEF1D-D70A-4C6C-8CFC-30C1DAA1C9F4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9C388E64-A212-4E90-8AE5-6E1296D58BCB} - System32\Tasks\AdobeAAMUpdater-1.0-anon-PC-anon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {C2F6DAB9-0DD3-4676-966C-E9C8161FC98F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: {C7DD4ABE-A8B2-4542-A724-70F95A900B73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {D892B97F-BEC4-4C11-AA20-BF3F6AC46AD0} - \BonanzaDealsUpdate No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-06-01 15:54 - 2012-12-11 12:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-11-04 15:25 - 2012-11-04 15:25 - 00736968 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00020480 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00013824 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2012-11-04 15:22 - 2012-11-04 15:22 - 00026624 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00010240 _____ () C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
2012-11-04 15:23 - 2012-11-04 15:23 - 00025088 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
2013-05-03 21:43 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\anon\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-10-12 00:06 - 2013-11-06 03:30 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== Faulty Device Manager Devices =============
Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/10/2013 03:30:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2013 02:59:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2013 00:32:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (11/09/2013 07:35:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (11/09/2013 01:15:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 04:06:42 PM) (Source: Outlook) (User: )
Description: Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070422.
Error: (11/07/2013 03:26:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/07/2013 03:26:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/07/2013 03:25:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 00:48:37 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (11/10/2013 03:29:49 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (11/10/2013 03:28:26 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (11/10/2013 02:58:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (11/10/2013 02:57:31 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (11/09/2013 01:15:20 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (11/09/2013 01:13:44 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (11/07/2013 04:55:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.
Error: (11/07/2013 03:25:14 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (11/07/2013 03:23:59 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 07.11.2013 um 03:22:56 unerwartet heruntergefahren.
Error: (11/07/2013 03:23:52 AM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Microsoft Office Sessions:
=========================
Error: (11/10/2013 03:30:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2013 02:59:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2013 00:32:22 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9
Error: (11/09/2013 07:35:21 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9
Error: (11/09/2013 01:15:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2013 04:06:42 PM) (Source: Outlook)(User: )
Description: 0x80070422
Error: (11/07/2013 03:26:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\$Recycle.Bin\S-1-5-21-2314438766-1460144464-3739315737-1001\$R6LS5QT.exe
Error: (11/07/2013 03:26:22 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\$Recycle.Bin\S-1-5-21-2314438766-1460144464-3739315737-1001\$RLDKJPT.exe
Error: (11/07/2013 03:25:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2013 00:48:37 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9
CodeIntegrity Errors:
===================================
Date: 2013-10-10 17:25:19.664
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-10 17:25:19.664
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-10 17:25:19.664
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-10 17:25:19.649
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 6140.96 MB
Available physical RAM: 4339.79 MB
Total Pagefile: 6139.14 MB
Available Pagefile: 4412.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:27.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 5714949D)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2013
Ran by anon (administrator) on ANON-PC on 10-11-2013 16:46:40
Running from C:\Users\anon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\anon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files\Rainmeter\Rainmeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [217672 2013-10-21] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [275352 2013-10-21] (Sophos Limited)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\anon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default
FF user.js: detected! => C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\donottrackplus@abine.com
FF Extension: DownloadHelper - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: client - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\client@anonymox.net.xpi
FF Extension: privateTab - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\privateTab@infocatcher.xpi
FF Extension: noscript - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: bprivacyprefs - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: dta - C:\Users\anon\AppData\Roaming\Mozilla\Firefox\Profiles\9lcr9gg8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
R2 HPSLPSVC; C:\Users\anon\AppData\Local\Temp\7zS6191\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.)
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3452928 2009-09-05] (Egis Technology Inc.)
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-01-06] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X64.sys [31280 2010-05-25] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-01-06] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-01-06] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-01-05] (Sophos Plc)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-10 16:46 - 2013-11-10 16:46 - 00000000 ____D C:\FRST
2013-11-10 16:42 - 2013-11-10 16:42 - 00000470 _____ C:\Users\anon\Desktop\defogger_disable.log
2013-11-10 16:42 - 2013-11-10 16:42 - 00000000 _____ C:\Users\anon\defogger_reenable
2013-11-10 16:34 - 2013-11-10 16:41 - 243681088 _____ C:\Users\anon\Downloads\kav14.0.0.4651abDE_5154.exe
2013-11-10 15:43 - 2013-11-10 15:43 - 06952512 _____ (TeamViewer GmbH) C:\Users\anon\Downloads\TeamViewer_Setup.exe
2013-11-09 14:24 - 2013-11-09 14:24 - 00004055 _____ C:\Users\anon\Desktop\.RData
2013-11-09 13:59 - 2013-11-09 17:15 - 00001496 _____ C:\Users\anon\Desktop\test.R
2013-11-07 01:55 - 2013-11-07 01:55 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-11-07 01:54 - 2013-11-07 01:55 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-11-07 01:48 - 2013-11-07 02:56 - 00000000 ____D C:\Users\anon\AppData\Roaming\MyPhoneExplorer
2013-11-07 01:47 - 2013-11-07 01:52 - 00000000 ____D C:\Users\anon\AppData\Local\Mobogenie
2013-11-07 01:47 - 2013-11-07 01:47 - 00000000 ____D C:\Users\anon\AppData\Local\cache
2013-11-07 01:47 - 2013-11-07 01:47 - 00000000 ____D C:\Users\anon\.android
2013-11-07 01:47 - 2013-11-07 01:47 - 00000000 _____ C:\Users\anon\daemonprocess.txt
2013-11-07 01:45 - 2013-11-07 01:51 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2013-11-07 01:45 - 2013-11-07 01:46 - 00000000 _____ C:\END
2013-11-05 11:33 - 2013-11-07 01:50 - 00000000 ____D C:\AdwCleaner
2013-11-02 18:05 - 2013-11-10 16:45 - 01957156 _____ (Farbar) C:\Users\anon\Desktop\FRST64.exe
2013-11-02 18:03 - 2013-11-10 16:42 - 00000000 ____D C:\Users\anon\Desktop\AnoN
2013-11-02 17:39 - 2013-11-02 17:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-27 17:28 - 2013-10-27 17:28 - 00000000 ____D C:\Users\anon\AppData\Roaming\com.adobe.amp
2013-10-26 23:05 - 2013-10-26 23:05 - 00000000 ____D C:\Users\anon\AppData\Local\PDF24
2013-10-26 23:03 - 2013-10-26 23:04 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-10-26 10:36 - 2013-11-10 03:15 - 00000000 ____D C:\Users\anon\Desktop\kg
2013-10-25 16:22 - 2013-10-25 16:22 - 00000000 ____D C:\Users\anon\AppData\Roaming\WTablet
2013-10-25 16:18 - 2013-10-25 16:18 - 00000000 ____D C:\Users\anon\AppData\Roaming\wacomid-desktop-launcher
2013-10-24 20:12 - 2013-11-02 18:05 - 00000000 ___RD C:\Users\anon\Desktop\ks rp
2013-10-24 17:34 - 2013-10-24 17:34 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 17:30 - 2013-10-24 17:30 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-24 17:30 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-24 17:30 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-24 17:30 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-24 17:30 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-22 17:24 - 2013-10-22 18:41 - 00000000 ____D C:\Users\anon\Desktop\dida m
2013-10-21 19:37 - 2013-10-21 19:36 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-12 02:54 - 2013-10-12 02:54 - 00050477 _____ C:\Users\anon\Desktop\Defogger.exe
2013-10-12 01:24 - 2013-11-10 15:29 - 00000000 ____D C:\Users\anon\Documents\Outlook-Dateien
2013-10-12 00:06 - 2013-11-06 03:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-11 23:11 - 2013-10-11 23:11 - 00000000 ____D C:\Users\anon\AppData\Roaming\Mozilla
2013-10-11 23:10 - 2013-11-06 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-11 19:02 - 2013-10-11 19:02 - 00000000 ___SD C:\Users\anon\Documents\Passwords Database
==================== One Month Modified Files and Folders =======
2013-11-10 16:46 - 2013-11-10 16:46 - 00000000 ____D C:\FRST
2013-11-10 16:45 - 2013-11-02 18:05 - 01957156 _____ (Farbar) C:\Users\anon\Desktop\FRST64.exe
2013-11-10 16:42 - 2013-11-10 16:42 - 00000470 _____ C:\Users\anon\Desktop\defogger_disable.log
2013-11-10 16:42 - 2013-11-10 16:42 - 00000000 _____ C:\Users\anon\defogger_reenable
2013-11-10 16:42 - 2013-11-02 18:03 - 00000000 ____D C:\Users\anon\Desktop\AnoN
2013-11-10 16:42 - 2013-01-05 23:21 - 00000000 ____D C:\Users\anon
2013-11-10 16:41 - 2013-11-10 16:34 - 243681088 _____ C:\Users\anon\Downloads\kav14.0.0.4651abDE_5154.exe
2013-11-10 16:37 - 2013-01-05 23:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 15:58 - 2013-04-12 23:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 15:43 - 2013-11-10 15:43 - 06952512 _____ (TeamViewer GmbH) C:\Users\anon\Downloads\TeamViewer_Setup.exe
2013-11-10 15:35 - 2009-07-14 05:45 - 00026496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 15:35 - 2009-07-14 05:45 - 00026496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 15:34 - 2013-01-11 13:42 - 00002160 _____ C:\ProgramData\hpzinstall.log
2013-11-10 15:34 - 2013-01-06 08:12 - 00696876 _____ C:\Windows\system32\perfh007.dat
2013-11-10 15:34 - 2013-01-06 08:12 - 00148140 _____ C:\Windows\system32\perfc007.dat
2013-11-10 15:34 - 2009-07-14 06:13 - 01612512 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 15:33 - 2013-01-11 13:42 - 00205354 _____ C:\Windows\hpoins46.dat
2013-11-10 15:31 - 2013-01-05 23:20 - 01665359 _____ C:\Windows\WindowsUpdate.log
2013-11-10 15:29 - 2013-10-12 01:24 - 00000000 ____D C:\Users\anon\Documents\Outlook-Dateien
2013-11-10 15:29 - 2013-01-07 17:05 - 00000000 ___RD C:\Users\anon\Dropbox
2013-11-10 15:29 - 2013-01-07 17:02 - 00000000 ____D C:\Users\anon\AppData\Roaming\Dropbox
2013-11-10 15:29 - 2013-01-05 23:44 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 15:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 15:28 - 2009-07-14 05:51 - 00052838 _____ C:\Windows\setupact.log
2013-11-10 15:26 - 2013-01-11 13:49 - 00000000 ____D C:\Users\anon\AppData\Roaming\HpUpdate
2013-11-10 03:15 - 2013-10-26 10:36 - 00000000 ____D C:\Users\anon\Desktop\kunstgeschichte
2013-11-09 17:15 - 2013-11-09 13:59 - 00001496 _____ C:\Users\anon\Desktop\test.R
2013-11-09 14:24 - 2013-11-09 14:24 - 00004055 _____ C:\Users\anon\Desktop\.RData
2013-11-09 13:13 - 2010-11-21 04:47 - 00083528 _____ C:\Windows\PFRO.log
2013-11-08 16:12 - 2013-01-12 04:51 - 00000000 ____D C:\Windows\pss
2013-11-08 16:12 - 2013-01-05 23:21 - 00000000 ___RD C:\Users\anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 02:56 - 2013-11-07 01:48 - 00000000 ____D C:\Users\anon\AppData\Roaming\MyPhoneExplorer
2013-11-07 01:55 - 2013-11-07 01:55 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-11-07 01:55 - 2013-11-07 01:54 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-11-07 01:52 - 2013-11-07 01:47 - 00000000 ____D C:\Users\anon\AppData\Local\Mobogenie
2013-11-07 01:51 - 2013-11-07 01:45 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2013-11-07 01:50 - 2013-11-05 11:33 - 00000000 ____D C:\AdwCleaner
2013-11-07 01:47 - 2013-11-07 01:47 - 00000000 ____D C:\Users\anon\AppData\Local\cache
2013-11-07 01:47 - 2013-11-07 01:47 - 00000000 ____D C:\Users\anon\.android
2013-11-07 01:47 - 2013-11-07 01:47 - 00000000 _____ C:\Users\anon\daemonprocess.txt
2013-11-07 01:46 - 2013-11-07 01:45 - 00000000 _____ C:\END
2013-11-06 22:50 - 2013-10-11 23:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 03:30 - 2013-10-12 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 14:30 - 2013-01-07 15:04 - 00000132 _____ C:\Users\anon\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-11-05 11:34 - 2013-06-24 14:09 - 00000000 ____D C:\Users\anon\AppData\Roaming\Common
2013-11-02 18:05 - 2013-10-24 20:12 - 00000000 ___RD C:\Users\anon\Desktop\ks rp
2013-11-02 17:39 - 2013-11-02 17:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-28 05:31 - 2013-01-11 23:47 - 00000000 ____D C:\Users\anon\AppData\Roaming\vlc
2013-10-27 17:28 - 2013-10-27 17:28 - 00000000 ____D C:\Users\anon\AppData\Roaming\com.adobe.amp
2013-10-27 14:07 - 2013-07-18 08:32 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-27 01:54 - 2013-03-04 01:19 - 00000000 ____D C:\Users\anon\AppData\Roaming\dvdcss
2013-10-26 23:05 - 2013-10-26 23:05 - 00000000 ____D C:\Users\anon\AppData\Local\PDF24
2013-10-26 23:04 - 2013-10-26 23:03 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-10-26 12:22 - 2013-07-11 01:56 - 00000000 ____D C:\Users\anon\dwhelper
2013-10-26 08:42 - 2013-10-10 15:10 - 00000000 ____D C:\Users\anon\Desktop\EWS_EXAM_PSY
2013-10-25 16:22 - 2013-10-25 16:22 - 00000000 ____D C:\Users\anon\AppData\Roaming\WTablet
2013-10-25 16:22 - 2013-06-01 15:54 - 00000000 ____D C:\Program Files\Tablet
2013-10-25 16:18 - 2013-10-25 16:18 - 00000000 ____D C:\Users\anon\AppData\Roaming\wacomid-desktop-launcher
2013-10-24 17:34 - 2013-10-24 17:34 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 17:30 - 2013-10-24 17:30 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-24 17:30 - 2013-07-03 19:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-23 00:48 - 2013-05-11 20:59 - 00000000 ____D C:\Users\anon\AppData\Roaming\Skype
2013-10-22 18:41 - 2013-10-22 17:24 - 00000000 ____D C:\Users\anon\Desktop\dida m
2013-10-21 19:38 - 2013-01-05 23:50 - 00000000 ____D C:\ProgramData\Sophos
2013-10-21 19:36 - 2013-10-21 19:37 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-13 13:52 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-12 02:54 - 2013-10-12 02:54 - 00050477 _____ C:\Users\anon\Desktop\Defogger.exe
2013-10-11 23:11 - 2013-10-11 23:11 - 00000000 ____D C:\Users\anon\AppData\Roaming\Mozilla
2013-10-11 23:07 - 2013-01-05 23:44 - 00000000 ____D C:\Users\anon\AppData\Local\Google
2013-10-11 23:06 - 2013-01-05 23:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-11 23:05 - 2013-01-07 00:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-11 22:32 - 2013-01-05 23:44 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 22:32 - 2013-01-05 23:44 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 19:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 19:02 - 2013-10-11 19:02 - 00000000 ___SD C:\Users\anon\Documents\Passwords Database
2013-10-11 16:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-10 01:19
==================== End Of Log ============================
gmer: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-10 17:07:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT06B0Q 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\anon\AppData\Local\Temp\kxldrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher 0000000077c40124 5 bytes JMP 00000001753786f0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c6c4dd 5 bytes JMP 0000000175374ec0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserThread 0000000077c8801c 5 bytes JMP 00000001753750c0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076e31072 5 bytes JMP 0000000175375120
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!GetProcAddress 0000000076e31222 5 bytes JMP 00000001753750a0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!WriteFile 0000000076e31282 5 bytes JMP 0000000175374f20
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076e33468 5 bytes JMP 0000000175375310
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!VirtualProtect 0000000076e342ff 5 bytes JMP 0000000175374f80
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!ResumeThread 0000000076e3438f 5 bytes JMP 0000000175374fc0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076e348b3 5 bytes JMP 0000000175375020
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000076e348cb 5 bytes JMP 0000000175374fe0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076e348fd 5 bytes JMP 0000000175375000
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076e34977 5 bytes JMP 0000000175375040
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!CreateFileA 0000000076e35366 5 bytes JMP 0000000175375140
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!GlobalAlloc 0000000076e3582e 5 bytes JMP 0000000175375060
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000076e379b0 5 bytes JMP 00000001753750e0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalA 0000000076e4a457 5 bytes JMP 0000000175375100
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory 0000000076e4d978 5 bytes JMP 0000000175374ee0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!GetThreadContext 0000000076e5796c 5 bytes JMP 0000000175375080
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076eb2c51 5 bytes JMP 0000000175374f40
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx 0000000076eb45ef 5 bytes JMP 0000000175374f60
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!WriteFileEx 0000000076eb461f 5 bytes JMP 0000000175374f00
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\kernel32.dll!SetThreadContext 0000000076eb53c3 5 bytes JMP 0000000175374fa0
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Windows\SysWOW64\svchost.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Acer Bio Protection\BASVC.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Acer Bio Protection\BASVC.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778423d0 5 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778bf6c0 8 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0c7490 11 bytes JMP 000007fffde800d8
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Users\anon\AppData\Roaming\Dropbox\bin\Dropbox.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Users\anon\AppData\Roaming\Dropbox\bin\Dropbox.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher 0000000077c40124 5 bytes JMP 00000001753786f0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c6c4dd 5 bytes JMP 0000000175374ec0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserThread 0000000077c8801c 5 bytes JMP 00000001753750c0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076e31072 5 bytes JMP 0000000175375120
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!GetProcAddress 0000000076e31222 5 bytes JMP 00000001753750a0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!WriteFile 0000000076e31282 5 bytes JMP 0000000175374f20
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076e33468 5 bytes JMP 000000017537a0e0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076e33efc 5 bytes JMP 0000000175379fa0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!VirtualProtect 0000000076e342ff 5 bytes JMP 0000000175374f80
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!ResumeThread 0000000076e3438f 5 bytes JMP 0000000175374fc0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076e348b3 5 bytes JMP 0000000175375020
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000076e348cb 5 bytes JMP 0000000175374fe0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076e348fd 5 bytes JMP 000000017537a1c0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076e34977 5 bytes JMP 0000000175375040
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!CreateFileA 0000000076e35366 5 bytes JMP 0000000175375140
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!GlobalAlloc 0000000076e3582e 5 bytes JMP 0000000175375060
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000076e379b0 5 bytes JMP 00000001753750e0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076e38769 5 bytes JMP 0000000170267dbc
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!CreateActCtxW 0000000076e391e7 5 bytes JMP 00000001753798c0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalA 0000000076e4a457 5 bytes JMP 0000000175375100
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory 0000000076e4d978 5 bytes JMP 0000000175374ee0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!ReplaceFile 0000000076e50dac 5 bytes JMP 0000000175379980
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!GetThreadContext 0000000076e5796c 5 bytes JMP 0000000175375080
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076eb2c51 5 bytes JMP 0000000175374f40
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx 0000000076eb45ef 5 bytes JMP 0000000175374f60
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!WriteFileEx 0000000076eb461f 5 bytes JMP 0000000175374f00
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\kernel32.dll!SetThreadContext 0000000076eb53c3 5 bytes JMP 0000000175374fa0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756f8a29 5 bytes JMP 0000000175379f30
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075cd6143 5 bytes JMP 000000017078c706
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\ole32.dll!StgOpenStorageEx 0000000075d46d42 5 bytes JMP 000000017535dde0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075e93e59 5 bytes JMP 0000000170293556
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075e93eae 5 bytes JMP 00000001702b9255
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075e94731 5 bytes JMP 00000001702adb5c
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075e95dee 5 bytes JMP 00000001702c2989
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000770a8c8d 5 bytes JMP 0000000175374e60
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000770a90cf 5 bytes JMP 0000000175374e40
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WININET.dll!InternetOpenA 00000000770db8c8 5 bytes JMP 0000000175374ea0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WININET.dll!InternetOpenUrlA 000000007713d2cf 5 bytes JMP 0000000175374e80
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\SHELL32.dll!SHExtractIconsW 00000000761c5243 5 bytes JMP 0000000175373d80
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075c93918 5 bytes JMP 0000000175374da0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!WSAStartup 0000000075c93ab2 7 bytes JMP 0000000175374e00
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!bind 0000000075c94582 5 bytes JMP 0000000175374dc0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!accept 0000000075c968b6 5 bytes JMP 0000000175374de0
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!recv 0000000075c96b0e 5 bytes JMP 0000000175374d20
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!connect 0000000075c96bdd 5 bytes JMP 0000000175374d80
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!send 0000000075c96f01 5 bytes JMP 0000000175374d00
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!getpeername 0000000075c97147 5 bytes JMP 0000000175374d60
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!listen 0000000075c9b001 5 bytes JMP 0000000175374d40
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\syswow64\WS2_32.dll!WSASocketA 0000000075c9c82a 5 bytes JMP 0000000175374e20
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[3712] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll!GdipCreateBitmapFromFile 0000000073525eb5 5 bytes JMP 0000000075378480
.text C:\Users\anon\Desktop\gmer_2.1.19163.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75]
.text C:\Users\anon\Desktop\gmer_2.1.19163.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269d30ef1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269d30ef1 (not active ControlSet)
---- EOF - GMER 2.1 ----
P.S.: The reason Sophos is used is that the university makes it available to everyone free of charge.