| cropduster | 10.06.2014 00:12 |
Avira, MBAM - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
Hallo,
habe seit einigen Tagen ein Problem mit dem Avira Free Antivirus. Habe festgestellt, dass keine Updates heruntergeladen werden, wollte es manuell starten, daraufhin erschien ein Fenster mit der Meldung "Dieses Programm wurde durch eine Gruppenrichtlinie blockiert". Dasselbe geschah beim MBAM Aufruf.
Habe im abgesicherten Modus MBAM Scan durchgeführt und einige Schädlinge entfernt. Nach dem Neustart habe ich aber nach wie vor kein Zugriff auf Avira oder MBAM. Es scheint etwas hartnäckigeres Problem zu sein, deswegen bitte ich um Unterstützung.
Die Log-Dateien von MBAM, Defogger, FRST und Gmer sind anbei.
MBAM: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.06.01.07
Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Admin :: Bruce [Administrator]
01.06.2014 19:40:03
mbam-log-2014-06-01 (19-40-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 842300
Laufzeit: 2 Stunde(n), 4 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\voisert (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jmckonc (Trojan.Ransom.Gend) -> Daten: regsvr32.exe "C:\ProgramData\jmckonc.dat" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IgzigYolsi (Trojan.Ransom.Gend) -> Daten: regsvr32.exe "C:\ProgramData\IgzigYolsi.dat" -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\ProgramData\jmckonc.dat (Trojan.Ransom.Gend) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IgzigYolsi.dat (Trojan.Ransom.Gend) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\voisert.dll (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
FRST.txt: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01
Ran by Admin (administrator) on BRUCE on 09-06-2014 17:35:11
Running from I:\Anti-Malware
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
() C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
(LG Electronics) C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostarTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [vProt] => C:\Program Files\vShare\vprot.exe
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\MountPoints2: {3418f6e4-0a29-11e2-bd11-00040ec4d221} - T:\setup.exe
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4A6E99F659AFCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}-trash [2012-07-10]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-22]
FF Extension: bidbag Remote - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\development@bidbag.de.xpi [2012-11-11]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-10]
FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 DES2 Service; C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Smart TimeLock; C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-09] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2010-12-17] ()
S3 LGDDCDevice; C:\Windows\system32\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\system32\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2070-01-01 01:00 - 2012-04-27 20:14 - 00000000 ____D () C:\Users\Admin\Downloads\BOTANICULA
2014-06-09 13:11 - 2014-06-09 17:35 - 00000000 ____D () C:\FRST
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 00:34 - 2014-05-26 00:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:34 - 2014-05-26 00:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-17 23:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-05-17 23:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-05-17 23:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-05-17 23:32 - 2014-05-17 23:33 - 00000000 ____D () C:\Windows\system32\directx
2014-05-17 23:32 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-05-17 23:32 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-17 23:32 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-05-17 23:32 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-05-17 23:32 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-05-17 23:32 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-05-17 23:32 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-05-17 23:32 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-05-17 23:32 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-05-17 23:32 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-05-10 00:18 - 2014-05-10 00:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-06-09 17:35 - 2014-06-09 13:11 - 00000000 ____D () C:\FRST
2014-06-09 17:35 - 2010-12-13 23:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp
2014-06-09 17:15 - 2011-01-09 00:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 17:13 - 2010-12-14 23:43 - 00000000 ____D () C:\Program Files\Adobe
2014-06-09 16:15 - 2010-12-13 22:52 - 01405415 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 13:14 - 2011-01-09 00:07 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 12:51 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 12:51 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 12:44 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-06-09 11:36 - 2010-12-13 22:53 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 11:32 - 2013-04-18 21:55 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp
2014-06-09 11:32 - 2010-12-14 00:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-09 11:31 - 2010-12-14 01:14 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 11:31 - 2009-07-14 06:39 - 00086801 _____ () C:\Windows\setupact.log
2014-06-05 00:02 - 2011-11-05 15:08 - 00000000 ____D () C:\Users\Admin\Documents\Eigene Scans
2014-06-01 23:18 - 2011-01-09 13:53 - 01319860 _____ () C:\Windows\PFRO.log
2014-05-31 23:09 - 2013-04-18 21:55 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-31 23:02 - 2011-05-20 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-30 17:05 - 2011-01-08 22:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ___RD () C:\Program Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 00:49 - 2014-05-26 00:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:49 - 2014-05-26 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:49 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-18 04:06 - 2012-07-10 23:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 03:59 - 2010-12-14 00:13 - 00003731 _____ () C:\Windows\avmfwlanci.log
2014-05-18 03:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 23:33 - 2014-05-17 23:32 - 00000000 ____D () C:\Windows\system32\directx
2014-05-16 20:15 - 2013-10-05 20:11 - 00000000 ____D () C:\Users\Admin\Downloads\Rechnungen o2
2014-05-10 00:19 - 2014-05-10 00:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
ZeroAccess:
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}\@
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\Checkupdate.exe
C:\Users\Admin\AppData\Local\Temp\foxDDC1.exe
C:\Users\Admin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Admin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Admin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Admin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2010-12-13 22:38
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 01
Ran by Admin at 2014-06-09 17:35:29
Running from I:\Anti-Malware
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
==================== Installed Programs ======================
@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AutoGreen B09.1014.2 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (Version: 1.00.0000 - GIGABYTE) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Botanicula (HKLM\...\Botanicula_is1) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5300 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CBReader (HKLM\...\CBReader ) (Version: - ChessBase GmbH)
ChessBase 12 (HKLM\...\{FCBFC686-53B0-4CB0-A820-E9D20C95FABE}) (Version: 12.1.0.0 - ChessBase)
Cisco Unified Presenter Add-in 6x5 (HKCU\...\Cisco Unified Presenter Add-in 6x5) (Version: - )
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DES 2.0 (HKLM\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Directory Lister Pro v1.62 (HKLM\...\Directory Lister Pro_is1) (Version: 1.62 - KRKSoft)
Dual Package (HKLM\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Easy Tune 6 B10.0521.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
LockHunter 3.0, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.20.45 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{04d0813a-6e8b-40a5-a2c7-d929ccd2b5e1}) (Version: - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 260.99 - NVIDIA Corporation)
NVIDIA Grafiktreiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6099 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 260.99 (Version: 260.99 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Ontrack EasyRecovery Home (HKLM\...\{B8686BCF-5181-477F-9CBE-786391011B9C}_is1) (Version: 11.0.2.0 - Kroll Ontrack Inc.)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
phonostar-Player Version 3.03.1 (HKLM\...\phonostar3RadioPlayer_is1) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pocket Informant Pro 2007 (HKLM\...\Pocket Informant) (Version: Pro 2007 - Web IS, Inc.)
PS_AIO_04_C5300_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Remote Master (HKLM\...\Remote Master) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM 1.4.1 (HKLM\...\ScummVM_is1) (Version: - The ScummVM Team)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
t@x 2013 (HKCU\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
t@x 2014 (HKCU\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.8.0 - Tweaking.com)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.06.7056 - Buhl Data Service GmbH)
==================== Restore Points =========================
06-06-2014 20:03:29 Automatic creation
08-06-2014 14:43:06 Automatic creation
09-06-2014 10:02:05 Automatic creation
==================== Hosts content: ==========================
2009-07-14 04:04 - 2012-09-04 23:41 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2FDB101E-045E-4920-A563-87DF08C0D382} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Admin => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {38F837AD-0813-4003-B978-4754B291A6C7} - System32\Tasks\{A77DCEAA-D94D-4E61-A213-F36BBBFACACC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/ru/abandoninstall?page=tsProgressBar
Task: {55687A7D-1D91-421E-9BCA-2DA6F9D82C8A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {5E4CDD35-1667-442C-811D-00D6768A9FB2} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {67288036-726A-4EB2-AA43-FC51DC02B194} - System32\Tasks\{33AA7B1C-74E9-45CF-B2D3-1B23F4ABB1E0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/ru/abandoninstall?page=tsProgressBar
Task: {72061602-B23D-4837-94FD-3B320E38F4C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: {CFDC9FF3-86CF-4516-A70B-CF460ACCD4B0} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {E507B357-E7E9-4B99-88A1-78D19747C3FE} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {F5B12AFD-B600-48E8-B52D-9C7F79B90C97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-08-05 01:32 - 2013-08-05 01:21 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-12-14 01:13 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
2010-12-14 01:13 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files\GIGABYTE\EnergySaver2\ycc.dll
2011-03-13 14:26 - 2013-04-25 17:23 - 00042496 _____ () C:\Program Files\phonostar-Player\phonostarTimer.exe
2012-12-03 23:37 - 2011-05-31 05:31 - 00061952 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2012-12-03 23:37 - 2011-04-02 00:07 - 00003584 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2014-04-20 14:19 - 2014-03-25 14:25 - 00590640 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-04-20 14:16 - 2014-03-25 14:26 - 09741104 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00035120 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00309040 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00321840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:26 - 03799344 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00136496 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 02691888 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01993008 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01915184 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 04330800 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-20 14:16 - 2014-03-26 10:59 - 01548592 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 05127984 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01690416 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01806128 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01626928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01115440 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01326384 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01245488 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 07324464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01283376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01330480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2011-01-17 17:19 - 2011-02-15 20:52 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
2012-12-03 23:37 - 2011-04-16 20:02 - 00049152 _____ () C:\Windows\system32\LGErrorHandler.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: Remote Master => C:\Program Files\Remote Master\Remote Master.exe
MSCONFIG\startupreg: TabbtnEx => C:\Users\Admin\AppData\Local\Microsoft\Windows\3565\TabbtnEx.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: voisert => rundll32 "C:\Users\Admin\AppData\Local\voisert.dll",voisert
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/09/2014 00:02:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {aa207a4a-4aa1-468e-bb8c-cbd503d8d459}
Error: (06/08/2014 04:43:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9d70894c-c076-40ea-8393-6e98f6227a6c}
Error: (06/06/2014 10:03:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2dddb5b3-e19d-4034-9860-97a1defbb8aa}
Error: (05/30/2014 09:01:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c283b
ID des fehlerhaften Prozesses: 0xad0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (05/30/2014 09:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: Flash32_13_0_0_214.ocx, Version: 13.0.0.214, Zeitstempel: 0x5359c422
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0020ca1d
ID des fehlerhaften Prozesses: 0x65c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (05/29/2014 06:01:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.16.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1344
Startzeit: 01cf78bcd454e312
Endzeit: 50
Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe
Berichts-ID:
Error: (05/27/2014 04:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00509636
ID des fehlerhaften Prozesses: 0x308
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (05/26/2014 10:31:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (05/26/2014 10:30:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (05/26/2014 01:27:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {312900fa-f2f3-435a-b4ec-6eb721d257fd}
System errors:
=============
Error: (06/08/2014 04:15:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/01/2014 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (06/01/2014 11:18:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (06/01/2014 11:18:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (06/01/2014 11:18:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/01/2014 11:18:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Microsoft Office Sessions:
=========================
Error: (06/09/2014 00:02:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {aa207a4a-4aa1-468e-bb8c-cbd503d8d459}
Error: (06/08/2014 04:43:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9d70894c-c076-40ea-8393-6e98f6227a6c}
Error: (06/06/2014 10:03:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2dddb5b3-e19d-4034-9860-97a1defbb8aa}
Error: (05/30/2014 09:01:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc0000374000c283bad001cf7c3984db6d9bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc487cfea-e82c-11e3-b25a-00040ec4d221
Error: (05/30/2014 09:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eFlash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d65c01cf7b7c97362540C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_13_0_0_214.ocxb7c052be-e82c-11e3-b25a-00040ec4d221
Error: (05/29/2014 06:01:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.16.0.105134401cf78bcd454e31250C:\Program Files\Skype\Phone\Skype.exe
Error: (05/27/2014 04:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c00000050050963630801cf79317dec67a4C:\Program Files\Internet Explorer\iexplore.exeunknown2c580d93-e5ad-11e3-b25a-00040ec4d221
Error: (05/26/2014 10:31:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (05/26/2014 10:30:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (05/26/2014 01:27:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {312900fa-f2f3-435a-b4ec-6eb721d257fd}
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 3575.43 MB
Available physical RAM: 2570.76 MB
Total Pagefile: 7149.14 MB
Available Pagefile: 5979.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:15.11 GB) NTFS
Drive d: (Daten) (Fixed) (Total:882.68 GB) (Free:624.75 GB) NTFS
Drive e: (System) (Fixed) (Total:14.65 GB) (Free:2.59 GB) NTFS
Drive f: (Software) (Fixed) (Total:14.65 GB) (Free:6.92 GB) NTFS
Drive g: (Data) (Fixed) (Total:45.23 GB) (Free:6.18 GB) NTFS
Drive i: (Lexar) (Removable) (Total:7.45 GB) (Free:2.31 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: ED6E8B61)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=45 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7618FDE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=883 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
defogger_disable.txt: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:17 on 09/06/2014 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Gmer.txt: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-09 20:32:14
Windows 6.1.7600 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T1L0-d SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxldqpog.sys
---- System - GMER 2.1 ----
SSDT 922A89AE ZwCreateSection
SSDT 922A89B8 ZwRequestWaitReplyPort
SSDT 922A89B3 ZwSetContextThread
SSDT 922A89BD ZwSetSecurityObject
SSDT 922A89C2 ZwSystemDebugControl
SSDT 922A894F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83293579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 832BF840 4 Bytes [AE, 89, 2A, 92] {SCASB ; MOV [EDX], EBP; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 832BFB9C 4 Bytes [B8, 89, 2A, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 832BFBE0 4 Bytes [B3, 89, 2A, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 832BFC5C 4 Bytes [BD, 89, 2A, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 832BFCB0 4 Bytes [C2, 89, 2A, 92] {RET 0x2a89; XCHG EDX, EAX}
.text ...
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7425250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74252494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74235624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74248573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74244D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74248819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7424907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7424E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74244C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@J:\Games\new\davin\Âåëèêèå Ñåêðåòû. Äà Âèí\xf7è\unins000.exe 1
---- EOF - GMER 2.1 ----
Vielen Dank schon mal!
Beste Grüße
Alex |
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
WARNUNG an die MITLESER: 
