
Log analysis and evaluation: Windows 7: Avast URL:Mal alert when loading websites

16.07.2015, 10:09   #1
Felicibus
 

Hello,
Since yesterday evening I have been getting an Avast alert every time any website loads. It makes no difference which site on the Internet I am on. As soon as any web page is loaded, the Avast alarm sounds. Unfortunately I could not find a log file of the error message, which is probably down to a lack of knowledge on my part.

The message looks as follows:
"Infektion blockiert.
Objekt: hxxps://securityutility.net/public/AddOn2/p/atakohapu17121346/gc.js
Infektion: URL:Mal
Prozess: D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe"

I would be really grateful if someone could help me.

Here is the defogger_disable log file:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:59 on 16/07/2015 (Felix)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Followed by the FRST log files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Felix (administrator) on FELIX-PC on 16-07-2015 01:02:23
Running from C:\Users\Felix\Desktop
Loaded Profiles: Felix (Available Profiles: Felix)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Carl Zeiss) C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software) D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Spotify Ltd) C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [EaseUS EPM tray] => D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Spotify Web Helper] => C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Dropbox Update] => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Google Update] => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-18] (Google Inc.)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\MountPoints2: {316f455f-df36-11e2-baaa-b4749ff98f96} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\MountPoints2: {5a648b53-ceb1-11e2-a76c-b4749ff98f96} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\MountPoints2: {8c7fbb17-fe54-11e0-95fe-806e6f6e6963} - E:\SecSWMgrGuide.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-27] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-27] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22BC01CC-A483-4BCD-8B21-E468E5275910}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ACA8EA50-5F74-40EB-9766-7D9CFA94FB3F}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default
FF Homepage: hxxp://abo.spiegel.de/de/c/abo-service/spiegel-abo-agb
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((url.indexOf(\"proxmate=us\") != -1)) { return 'PROXY us01.sq.proxmate.me:8000; PROXY us08.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us03.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000; PROXY us13.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/O1DPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\searchplugins\downloadhelper-adult-videos.xml [2014-05-27]
FF Extension: FoxyProxy Standard - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: AdBeaver - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\adbeaver@adbeaver.org.xpi [2015-06-02]
FF Extension: Ghostery - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\firefox@ghostery.com.xpi [2014-11-16]
FF Extension: ProxMate - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-11-16]
FF Extension: LeechBlock - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-11-16]
FF Extension: Video DownloadHelper - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-09]
FF Extension: DownThemAll! - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-11-16]
FF Extension: Adblock Edge - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-27] (Avast Software)
S3 CZCanSrv; C:\Program Files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [77904 2011-05-26] (Diskeeper Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30969208 2010-03-25] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-01] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [76368 2011-05-26] (Diskeeper Corporation)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R2 VBoxAswDrv; D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-27] (Avast Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 SBIOSIO; \??\C:\Users\Felix\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 01:02 - 2015-07-16 01:03 - 00020116 _____ C:\Users\Felix\Desktop\FRST.txt
2015-07-16 01:02 - 2015-07-16 01:02 - 00000000 ___SH C:\DkHyperbootSync
2015-07-16 01:02 - 2015-07-16 01:02 - 00000000 ____D C:\FRST
2015-07-16 01:01 - 2015-07-16 01:01 - 02133504 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2015-07-16 00:59 - 2015-07-16 00:59 - 00000472 _____ C:\Users\Felix\Desktop\defogger_disable.log
2015-07-16 00:59 - 2015-07-16 00:59 - 00000000 _____ C:\Users\Felix\defogger_reenable
2015-07-16 00:58 - 2015-07-16 00:58 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2015-07-16 00:19 - 2015-07-16 00:20 - 29296256 _____ (EaseUS ) C:\Windows\SysWOW64\epm.exe
2015-07-15 07:45 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 07:45 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 07:45 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 07:45 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 07:45 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 07:45 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 07:45 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 07:45 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 07:45 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 07:45 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 07:45 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 07:45 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 07:45 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 07:45 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 07:45 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 07:45 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 07:45 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 07:45 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 07:45 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 07:45 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 07:45 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 07:45 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 07:45 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 07:45 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 07:45 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 07:45 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 07:45 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 07:45 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 07:45 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 07:45 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 07:45 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 07:45 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 07:45 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 07:45 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 07:45 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 07:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 07:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 07:45 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 07:45 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 07:44 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 07:44 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 07:44 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 07:44 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 07:44 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 07:44 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 07:44 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 07:44 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 07:44 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 07:44 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 07:44 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 07:44 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 07:44 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 09:35 - 2015-07-14 09:35 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-04 15:08 - 2015-07-15 20:24 - 00001120 _____ C:\Windows\setupact.log
2015-07-04 15:08 - 2015-07-04 15:08 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 09:29 - 2015-07-16 00:34 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-06-18 09:29 - 2015-07-14 09:34 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-06-18 09:29 - 2015-06-18 09:29 - 00004194 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-06-18 09:29 - 2015-06-18 09:29 - 00003798 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-06-18 09:29 - 2015-06-18 09:29 - 00000000 ____D C:\Users\Felix\AppData\Local\Dropbox
2015-06-18 09:29 - 2015-06-18 09:29 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 00:59 - 2011-10-24 19:15 - 00000000 ____D C:\Users\Felix
2015-07-16 00:25 - 2014-02-25 21:35 - 00000000 ____D C:\Users\Felix\AppData\Local\Spotify
2015-07-15 23:03 - 2014-10-29 22:04 - 00000000 ____D C:\Users\Felix\AppData\Local\Adobe
2015-07-15 23:03 - 2012-07-13 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 23:03 - 2011-10-24 20:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 22:55 - 2014-02-25 21:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Spotify
2015-07-15 21:22 - 2014-05-18 14:50 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-07-15 21:17 - 2014-05-18 14:50 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-07-15 21:17 - 2014-05-18 14:50 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-07-15 21:17 - 2014-05-18 14:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-07-15 20:34 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 20:34 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 20:33 - 2011-10-24 17:30 - 01322891 _____ C:\Windows\WindowsUpdate.log
2015-07-15 20:31 - 2013-04-21 02:23 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0721377F-5ED3-4460-B868-74C39FF481FC}
2015-07-15 20:27 - 2011-12-29 12:40 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2015-07-15 20:25 - 2014-03-25 14:33 - 00000000 ____D C:\Temp
2015-07-15 20:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-15 20:22 - 2009-07-14 06:45 - 00421536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 09:25 - 2013-07-12 15:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 00:20 - 2009-07-14 19:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-07-15 00:20 - 2009-07-14 19:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-07-15 00:20 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 17:37 - 2015-02-12 11:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:36 - 2015-02-13 12:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 14:06 - 2012-07-08 18:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-13 10:01 - 2014-08-18 01:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2015-07-11 18:18 - 2015-01-07 23:20 - 00000000 ____D C:\Users\Felix\Desktop\Medizinbewerbung_SS15
2015-07-07 11:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-04 17:38 - 2014-05-11 00:30 - 00653824 ___SH C:\Users\Felix\Thumbs.db
2015-07-03 08:43 - 2011-12-27 21:56 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-27 22:13 - 2011-12-29 16:08 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:30 - 2011-10-24 20:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-24 15:46 - 2015-01-24 15:46 - 0000907 _____ () C:\Users\Felix\AppData\Local\recently-used.xbel
2012-10-11 09:34 - 2012-10-11 09:34 - 0007606 _____ () C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
2012-07-21 16:55 - 2012-07-21 16:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd77tja.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 23:14

==================== End of log ============================
         
--- --- ---


FRST Addition Logfile:

Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Felix at 2015-07-16 01:03:49
Running from C:\Users\Felix\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2371084783-2400266815-74821208-500 - Administrator - Disabled)
Felix (S-1-5-21-2371084783-2400266815-74821208-1000 - Administrator - Enabled) => C:\Users\Felix
Gast (S-1-5-21-2371084783-2400266815-74821208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2371084783-2400266815-74821208-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs Software in D:\Program Files (x86)\ACDFREE11\ (HKLM-x32\...\ACDLabs in D__Program_Files_(x86)_ACDFREE11_) (Version: v11.00, FREE - ACD/Labs)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7A1A59F3-66FE-96DC-C300-B8F4A6103D3A}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
calibre 64bit (HKLM\...\{F914E24C-BFF9-4D72-9775-60126B4BC51E}) (Version: 2.15.0 - Kovid Goyal)
Carl Zeiss AxioVision SE64 Rel. 4.9.1 (HKLM\...\{F927FC22-CD4E-477D-80BA-D63F5F75ED64}) (Version: 4.9.1.1 - Carl Zeiss Microscopy GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{77EDCFE0-4431-40B1-93AD-BF1F4C55D131}) (Version: 1.0.46 - Diskeeper Corporation)
eXtra Buttons (HKLM-x32\...\eXtra Buttons) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JMP 10 (HKLM-x32\...\{188BB63B-35C8-47EE-AEBF-5EA826CAA74D}) (Version: 10.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM-x32\...\{38A15D11-05F8-4ECE-AC47-A85DC6FFA197}) (Version: 1.10.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM-x32\...\{EC0782E1-D80F-44A3-A181-C1170B279993}) (Version: 1.10.0 - SAS Institute Inc.)
LightCycler® 480 (HKLM-x32\...\{8F07FAB0-5BBA-43EF-979E-6E7C9E4F811E}) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.199.0 - Tracker Software Products Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PyMOL (32 bit) (HKLM-x32\...\{82B39CBA-144C-4D34-8C5D-31D2CAEC2AFB}) (Version: 1.3.0.0 - Schrodinger LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - )
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
TeXstudio 2.3 (HKLM-x32\...\TeXstudio_is1) (Version: 2.3.0 - Benito van der Zander)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-07-2015 02:01:40 Geplanter Prüfpunkt
15-07-2015 09:19:34 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00846688-578A-4C0A-AE99-5D14C940938B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {10887BC6-E781-49A7-98FF-BEF0C755CE7C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {1D6F3F69-2F89-43B0-972C-0B5E5D67E643} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {23F485AA-18C1-4137-87DF-B800839A9C5F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {2A779B3E-18FD-4712-9889-3EB6F4AC879B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {31AA077E-022D-4EA3-A3E0-6328BD527343} - System32\Tasks\{25D957C8-AEC6-4A74-B086-B787F8728C65} => pcalua.exe -a H:\kdewin-installer-gui-latest.exe -d "D:\Program Files (x86)\Mozilla\Mozilla Firefox"
Task: {51345CBF-0185-4BC0-87B6-48446F1497DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5B2B5D45-0733-4D72-ACC8-E499810B7414} - System32\Tasks\{50E44413-1BDA-4A7E-99B0-97E460C1A93E} => pcalua.exe -a "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\UserCom.exe" -d "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility"
Task: {5E6A2316-07D2-4066-9884-32E7A9AB3CA2} - System32\Tasks\{AF6A88AB-805C-4305-AB9C-15ED74714B97} => pcalua.exe -a "D:\Program Files (x86)\KDE\bin\kdewin-installer-gui-latest.exe" -d "D:\Program Files (x86)\KDE\bin\"
Task: {60D48E58-0DC0-4F16-9DD0-141ED81D2ECE} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: {6F81CDC2-9D78-4923-94A9-86E0CC67AFC8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {86069D2A-9CE4-4797-A515-EE2772CD9BE2} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {91864A53-05B1-4BB5-9297-7B93F866F610} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {963B5E4D-AF87-440E-B673-4ECED6456731} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {9869F326-BE45-4631-BA04-B46ABBE3924B} - System32\Tasks\{D8A60C21-00B0-41DD-91A5-5DBA885EDCFF} => pcalua.exe -a "D:\Program Files (x86)\Bethesda Softworks\Fallout 3\Uninstall.exe" -d "D:\Program Files (x86)\Bethesda Softworks\Fallout 3"
Task: {9AB7678A-72A6-4AD4-AF5E-E2D2F0FE1ACF} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {9D5A6623-6113-4405-A407-F155F42ADC28} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A2188297-3350-4570-8EDB-FD393F33A572} - System32\Tasks\{CF1FE001-BA5E-4C95-8667-EC08B265AE08} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {A7D96676-7348-4E4D-8AE2-AA4922A1F19B} - System32\Tasks\{265170B0-997D-4167-81CD-89BA20CDB519} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {B43299F5-9E25-4F82-8EC7-394BFC0388E8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C3323DC6-197A-425E-8893-9335360A550B} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {C6688C57-4A6A-42B8-884C-49CA7221B58C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C6CCA375-5DC4-4671-A193-887F6CA2DC55} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {D42538A9-F0B7-48E8-8A57-0C81DF88B869} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCF033BD-0AAC-454C-A7CA-E48E5554B689} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E45E71DB-9CE3-40CA-BFAE-A83C078BF6BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {E8ED7480-14B9-4953-83C1-AD438BB81175} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {F9A4183F-8EB0-46C7-93B6-D69A56D62EE3} - System32\Tasks\{81D76A8C-6E9E-4624-8CE3-32E7D474BB08} => pcalua.exe -a D:\ACDFREE11\setup\SETUP.EXE -d D:\ACDFREE11\setup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-05 15:49 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2012-08-05 15:49 - 2010-04-10 09:03 - 00077824 _____ () C:\Windows\KMService.exe
2014-03-24 02:59 - 2014-09-01 20:03 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-13 20:06 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-01-27 16:28 - 2011-01-27 16:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2011-04-05 08:18 - 2011-04-05 08:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-03-30 16:43 - 2012-03-30 16:43 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-04-18 06:38 - 2012-04-18 06:38 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00104400 _____ () D:\Program Files\AVAST Software\Avast\log.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00081728 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-15 20:23 - 2015-07-15 20:23 - 02956800 _____ () D:\Program Files\AVAST Software\Avast\defs\15071501\algo.dll
2013-10-31 17:05 - 2013-10-31 17:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-07-13 20:06 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-07-13 20:06 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2015-07-15 20:27 - 2015-07-15 20:27 - 00043008 _____ () c:\users\felix\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd77tja.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 40540672 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-12 14:33 - 2011-09-08 20:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exor4 for XDMS_R.lnk => C:\Windows\pss\Exor4 for XDMS_R.lnk.CommonStartup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Felix\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Felix\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C34A8DF3-9217-4A64-9068-A52F6FBE2453}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1CB44EF5-A38B-48BF-AF64-7F3BA9F5F2AD}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{713DBB41-1DCA-415D-AEDC-48C0618F03CB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{35F5AE32-807B-4FF8-9851-7E46F84BBB72}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D80614D7-4A0E-4D32-830A-87635D43D536}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F3DC6820-2DC4-4340-9E3F-E44F20DB386A}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{45D2F162-AA26-438C-988A-D9D852C859F0}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EF7BABA5-8FBF-4783-97AC-4D90F2AF8925}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B5CF0349-73EE-4B18-B37E-7C187799B061}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A3FDEBCC-A47E-4E0E-AD5D-4A9434A8A486}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{CC2D6F8C-DA92-47F0-89DA-45B17FB0D86D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{FC0E53AB-1787-4D64-B46E-C1E742BC3E5B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{EAB17ABB-98CB-4144-A1CF-A3E49C121816}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [TCP Query User{48B5C764-6421-4DF2-82DC-A801C1D265B0}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{C97CA6E8-F37E-4537-8502-1728F362429B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{6E8D02E3-A545-4C3E-9C73-ACD62B5A6DCC}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{14EC7B72-647E-4010-93BB-3662B8BD22F8}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{3D949E5E-65FB-4833-B444-86142D966029}] => (Allow) LPort=1542
FirewallRules: [{3C2CD8C3-6E03-42FD-992D-B30BD41446CF}] => (Allow) LPort=1542
FirewallRules: [{7B938F6B-0643-43C2-9EBC-29E360B82280}] => (Allow) LPort=53
FirewallRules: [TCP Query User{D914CD34-0741-45FC-8CD3-03A8F00B6825}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CB356E18-2979-432E-851F-A84855E784E5}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{E69D975D-0FB6-4834-9801-7F3993E00DA8}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{F1CDC5C4-AC41-4DAE-A263-00E55F9F51CA}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{94CBF18A-5725-4E3A-A043-C59322623F36}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{0CCA5055-B765-4FC0-B25F-DAAC4116EE6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [TCP Query User{B323AF3A-9862-42CA-8147-53B36F97D4D8}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [UDP Query User{92C926F6-3192-440E-BA8E-F52669C01D66}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{711BC575-3A05-4CE8-9A43-DE45E04FC344}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{5F6D9819-8BEE-4F28-81E4-1DD78B271292}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [TCP Query User{54E97C33-328B-4075-9F02-AF989F86E26E}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{D447AC97-ACBA-4AD3-84E7-D953406B633C}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{ADC51B79-ACE8-4828-A435-C19047C1D653}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{ED4452F8-A16F-48BD-8AD2-D4868AF25C7A}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{BB201351-2E51-4C2D-8B1C-6A8EE3ED4EBB}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{935CD4CD-DC40-431F-8D87-3E57682C8E44}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{427164A0-B971-4D8B-8678-4D60551BC1F0}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{1703707A-B822-402E-A1E7-9F3FDDAAAD77}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{4F0FCFBB-E474-4636-BD68-0FA296E4623E}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF85A6AC-5C50-4B9B-90ED-6498ABFEDB4A}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{76E49650-6C5B-4585-A6B0-B3A1922C0864}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4B0951A8-451D-45FF-BB1D-D7D8433DEC7D}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B8D1C4-57E3-4C0D-B879-02BD4D5EC564}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{7AFF7F8C-0B24-4ED4-95D1-633FF03DF261}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{D4092CD3-4DD9-4862-A9D0-0B68631328AE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{73CE7FC4-C842-4206-A000-66C46251608E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{8066EDAC-FA64-45E2-853A-F0F13496C260}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{1FEAF269-0E7F-4AC9-B544-08D48F78F6FE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{3469FB40-1E1A-4142-9907-041095DE9BD4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{AFB96924-C01A-489D-A21D-451C3CA3CFB4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{477EB8CD-AA11-40EA-9262-18172431BD79}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{AD2D59CD-4FE2-4350-A0F1-E01034F27993}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{0A436D5D-9B09-4B5E-9D93-4D383401E26D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{4CB32201-C09B-4BC7-957D-C64AEB321589}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{ECCFCB0B-8E4F-4F45-90E2-2112281D9E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0E23AD27-8C26-4C3F-B442-8F2164F60BA2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9AB974E9-AAA9-4697-9A45-0BC5A3EFFB4C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0154C5B-9A5F-4F1D-8701-68F36519C994}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{41770466-E5D9-4E32-8FE9-D3B340AFA220}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{36192D84-22CA-4BFD-B448-5AA5968C9D1E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{245F9149-58DF-4532-8673-1597376A25D7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{CD8BFC70-A341-41D0-A7D2-D0BC131C0778}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{EDB5D85D-B5AE-47E0-9C6D-18526FE4652B}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{6E9FB0D4-98D0-4B8F-A827-0AA740C8AF23}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{EB06049D-2C8C-4DAC-B996-1F1969A15D02}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{91DF83A0-682B-475F-870A-9733D5ED19EB}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{D83E509C-E8F8-4FA1-B70B-64F4F5559362}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{421CEE2A-FE12-4E50-A608-049C0264BB94}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{4875E736-65AB-4BFF-8692-587DDBAB1EA2}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{BCF7B8F7-D8A1-418B-B3FD-BF0B14094BB6}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{58ECE18C-443C-486F-AA7C-47B6751316F1}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{45EEFF88-25BC-4FE0-97ED-3A669872CB95}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [TCP Query User{DDCE6671-CD5E-458E-AE7A-1B0FD9A81D6F}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [UDP Query User{2E8E411B-409B-4CC2-964C-4B0A01E42EAA}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [{7D62D8CD-9BEF-48B0-B2CE-4C44F00930FC}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{7F6F2309-C285-4C03-9081-21463E2CA970}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [TCP Query User{8E6FD174-DDD4-44E7-AFA4-DDD3143E862B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [UDP Query User{112AD554-6776-4BB5-B438-5585A84BBB8B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{1C5649DE-E0D5-461A-9F7B-186E0D414133}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{2AF9D080-C712-4BAC-AEF9-D62D9864C236}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [TCP Query User{6B554A3B-86F7-4372-AC62-A9B16D73A9A3}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C787D7F-704B-49DF-A37E-2C13BC80FA89}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3D642B63-70A2-4379-9248-A505A02F1DB6}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{455D7987-ACAA-40CA-93AB-FD578111E3FE}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [{7F33520E-63E8-4E51-8800-A87C54076591}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4F5E6C43-F542-4AA8-9192-9F42B1AD60BD}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x948
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x964
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x954
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x974
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x988
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/13/2015 01:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 2.2.1.13, Zeitstempel: 0x5535d759
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039e03
ID des fehlerhaften Prozesses: 0x9d8
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3

Error: (07/11/2015 01:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3


System errors:
=============
Error: (07/16/2015 12:31:08 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (07/16/2015 12:25:33 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (07/15/2015 08:26:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/15/2015 08:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Realtek87B" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 08:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RtlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 08:23:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Realtek87B" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 08:23:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RtlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 09:19:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/14/2015 10:29:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/14/2015 10:28:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RtlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df394801d0bf2b963a2ffdC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlld91237f5-2b1e-11e5-92bd-e81132cb8454

Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df396401d0bf2b963ef2bdC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlld90fd695-2b1e-11e5-92bd-e81132cb8454

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395401d0bf2b49db39b9C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll8cc673c3-2b1e-11e5-b652-e81132cb8454

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df393801d0bf2b49d8d858C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll8cc64cb3-2b1e-11e5-b652-e81132cb8454

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395801d0be73a98cb016C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlleebef434-2a66-11e5-b5b0-e81132cb8454

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df397401d0be73a99172d7C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlleebf1b44-2a66-11e5-b5b0-e81132cb8454

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df398801d0be07164f0d95C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll5924b42d-29fa-11e5-a469-9337258cbccf

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395c01d0be07161aaf4fC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll5924db3d-29fa-11e5-a469-9337258cbccf

Error: (07/13/2015 01:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe2.2.1.135535d759ntdll.dll6.1.7601.187985507b3e0c000000500039e039d801d0bbcfb70fa482C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\Windows\SysWOW64\ntdll.dll8a84543c-2954-11e5-a1ed-e81132cb8454

Error: (07/11/2015 01:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395c01d0bbcfb6c83b3aC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dllfa0202ad-27c2-11e5-a1ed-e81132cb8454


CodeIntegrity Errors:
===================================
  Date: 2012-08-24 00:12:12.032
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-24 00:12:11.798
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.021
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 6057.55 MB
Available physical RAM: 3602.61 MB
Total Virtual: 12113.29 MB
Available Virtual: 9341.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87 GB) (Free:34.2 GB) NTFS
Drive d: () (Fixed) (Total:587.9 GB) (Free:296.69 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 071697A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.6 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

==================== End of log ============================
         
--- --- ---


Finally, the GMER log file:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-16 01:22:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF4O 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Felix\AppData\Local\Temp\ugloypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077031401 2 bytes JMP 764eb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077031419 2 bytes JMP 764eb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077031431 2 bytes JMP 76568f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007703144a 2 bytes CALL 764c489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000770314dd 2 bytes JMP 76568822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000770314f5 2 bytes JMP 765689f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007703150d 2 bytes JMP 76568718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077031525 2 bytes JMP 76568ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007703153d 2 bytes JMP 764dfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077031555 2 bytes JMP 764e68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007703156d 2 bytes JMP 76568fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077031585 2 bytes JMP 76568b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007703159d 2 bytes JMP 765686dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000770315b5 2 bytes JMP 764dfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000770315cd 2 bytes JMP 764eb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000770316b2 2 bytes JMP 76568ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000770316bd 2 bytes JMP 76568671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                          00000000745f17fa 2 bytes CALL 764c11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                      00000000745f1860 2 bytes CALL 764c11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                    00000000745f1942 2 bytes JMP 76057089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                   00000000745f194d 2 bytes JMP 7605cba6 C:\Windows\syswow64\WS2_32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                      00000000764c8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                           0000000077031401 2 bytes JMP 764eb21b C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                             0000000077031419 2 bytes JMP 764eb346 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                           0000000077031431 2 bytes JMP 76568f29 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                           000000007703144a 2 bytes CALL 764c489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000770314dd 2 bytes JMP 76568822 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                       00000000770314f5 2 bytes JMP 765689f8 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              000000007703150d 2 bytes JMP 76568718 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                       0000000077031525 2 bytes JMP 76568ae2 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                             000000007703153d 2 bytes JMP 764dfca8 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  0000000077031555 2 bytes JMP 764e68ef C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                           000000007703156d 2 bytes JMP 76568fe3 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                             0000000077031585 2 bytes JMP 76568b42 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                000000007703159d 2 bytes JMP 765686dc C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                             00000000770315b5 2 bytes JMP 764dfd41 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                           00000000770315cd 2 bytes JMP 764eb2dc C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                       00000000770316b2 2 bytes JMP 76568ea4 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                       00000000770316bd 2 bytes JMP 76568671 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749ff98f96                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749ff98f96@00223702b59f                                                                  0xDA 0xC0 0x25 0x63 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749ff98f96@0017ea81650f                                                                  0x21 0x5B 0xEC 0x03 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749ff98f96 (not active ControlSet)                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749ff98f96@00223702b59f                                                                      0xDA 0xC0 0x25 0x63 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749ff98f96@0017ea81650f                                                                      0x21 0x5B 0xEC 0x03 ...

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         

Last edited by Felicibus (16.07.2015 at 10:15)

 
