Windows 8: Malware infection - PUP.Optional.DefaultTab.A and PUP.Optional.AlexaTB.A
Hello,
my MBAM scan found the malware named above. In addition, my Antivir scan hangs after a certain time and does not continue.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:52 on 07/01/2014 (Oliver)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Oliver (administrator) on VAIO on 07-01-2014 14:54:44
Running from C:\Users\Oliver\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCWebServer.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [Windows Mobile-based device management] - %WINDIR%\WindowsMobile\wmdcBase.exe
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [BrowserChoice] - C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [441408 2013-09-24] (BillP Studios)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL [ ] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKCU - {CE893E0F-C38D-4660-9AD9-891F92E8D8D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKCU - {F72A0513-B57E-4578-B575-638F391CCA20} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - No File
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\ubcrty47.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\ubcrty47.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-29] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-19] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-07 14:54 - 2014-01-07 14:55 - 00017498 _____ C:\Users\Oliver\Downloads\FRST.txt
2014-01-07 14:54 - 2014-01-07 14:54 - 00000000 ____D C:\FRST
2014-01-07 14:53 - 2014-01-07 14:53 - 01931762 _____ (Farbar) C:\Users\Oliver\Downloads\FRST64.exe
2014-01-07 14:52 - 2014-01-07 14:52 - 00050477 _____ C:\Users\Oliver\Downloads\Defogger(1).exe
2014-01-07 14:49 - 2014-01-07 14:52 - 00000474 _____ C:\Users\Oliver\Desktop\defogger_disable.log
2014-01-07 14:49 - 2014-01-07 14:49 - 00000000 _____ C:\Users\Oliver\defogger_reenable
2014-01-07 14:47 - 2014-01-07 14:47 - 00050477 _____ C:\Users\Oliver\Downloads\Defogger.exe
2013-12-31 09:26 - 2013-12-31 09:26 - 00000000 ____D C:\Users\Oliver\AppData\Local\PDF24
2013-12-31 09:19 - 2013-12-31 09:19 - 00001099 _____ C:\Users\Oliver\Desktop\Mozilla Firefox.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003231 _____ C:\Users\Oliver\Desktop\Microsoft Outlook 2010.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003095 _____ C:\Users\Oliver\Desktop\Microsoft PowerPoint 2010.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003047 _____ C:\Users\Oliver\Desktop\Microsoft Excel 2010.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003029 _____ C:\Users\Oliver\Desktop\Microsoft Word 2010.lnk
2013-12-31 09:16 - 2013-12-31 09:16 - 00001193 _____ C:\Users\Oliver\Desktop\Sticky Notes.lnk
2013-12-31 09:05 - 2013-12-31 09:06 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-31 09:05 - 2013-12-31 09:05 - 00001091 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2013-12-31 09:05 - 2013-12-31 09:05 - 00001071 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-12-31 08:49 - 2013-12-31 08:50 - 16189768 _____ (Geek Software GmbH ) C:\Users\Oliver\Downloads\pdf24-creator-6.2.0.exe
2013-12-27 09:25 - 2013-12-27 09:25 - 00000306 __RSH C:\Users\Oliver\ntuser.pol
2013-12-27 09:16 - 2013-12-27 09:17 - 18277248 _____ (pdfforge ) C:\Users\Oliver\Downloads\PDFCreator-1_7_2_setup(1).exe
2013-12-26 23:24 - 2013-12-26 23:24 - 00129392 _____ C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 23:24 - 2013-12-26 23:24 - 00000000 ____D C:\Users\Oliver\AppData\Roaming\PDF Architect
2013-12-26 23:16 - 2013-12-26 23:17 - 18277248 _____ (pdfforge ) C:\Users\Oliver\Downloads\PDFCreator-1_7_2_setup.exe
2013-12-17 15:13 - 2013-12-17 15:13 - 00000000 ____D C:\Users\Oliver\AppData\Roaming\Avira
2013-12-17 15:12 - 2013-12-17 15:12 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-17 15:12 - 2013-12-17 15:12 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-17 15:11 - 2013-12-17 15:11 - 00002082 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-17 15:10 - 2013-12-17 15:10 - 00000000 ____D C:\ProgramData\Avira
2013-12-17 15:10 - 2013-12-17 15:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-17 15:10 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-17 15:10 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-17 15:10 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-17 15:10 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-17 14:59 - 2013-12-17 15:06 - 129598176 _____ C:\Users\Oliver\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-17 14:59 - 2013-11-19 11:30 - 00267936 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-12-16 20:19 - 2013-12-16 20:19 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2013-12-16 20:14 - 2013-12-16 20:15 - 00000984 _____ C:\DelFix.txt
2013-12-15 10:49 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 10:49 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 10:49 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-15 10:49 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-15 10:49 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-15 10:49 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-15 10:49 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-15 10:49 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-15 10:49 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-15 10:49 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-15 10:49 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-15 10:49 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-15 10:49 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-15 10:49 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-15 10:49 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-15 10:49 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-15 10:49 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-15 10:49 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-15 10:49 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-15 10:49 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-15 10:49 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-15 10:49 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-15 10:49 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-15 10:49 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-15 10:49 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-15 10:49 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-15 10:49 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-15 10:49 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-15 10:49 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-15 10:49 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-15 10:49 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-15 10:49 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-15 10:49 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-15 10:49 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-15 10:49 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-15 10:49 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-15 10:49 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-15 10:49 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-15 10:49 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-15 10:49 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-15 10:49 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-15 10:49 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-15 10:49 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-15 10:49 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-15 10:49 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-15 10:49 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-15 10:49 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-13 11:54 - 2013-12-13 11:54 - 00663476 _____ C:\WINDOWS\system32\s000000.dat
2013-12-13 07:56 - 2013-12-13 07:56 - 00000040 _____ C:\WINDOWS\system32\sstate_prev.sdt
2013-12-13 07:56 - 2013-12-13 07:56 - 00000000 _____ C:\WINDOWS\system32\sstates.sdt
2013-12-12 22:20 - 2013-12-04 01:05 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-12 22:20 - 2013-12-04 01:05 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 22:16 - 2013-12-12 22:16 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-12-12 18:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 18:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 18:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 18:02 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 18:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 18:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 18:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 18:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 18:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 18:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 18:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 18:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 18:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 18:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 18:02 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 18:02 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 18:02 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 18:02 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 18:02 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:02 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:02 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:02 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-12 18:01 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 18:01 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 18:01 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 18:01 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 12:22 - 2013-12-12 12:22 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
==================== One Month Modified Files and Folders =======
2014-01-07 14:55 - 2014-01-07 14:54 - 00017498 _____ C:\Users\Oliver\Downloads\FRST.txt
2014-01-07 14:54 - 2014-01-07 14:54 - 00000000 ____D C:\FRST
2014-01-07 14:53 - 2014-01-07 14:53 - 01931762 _____ (Farbar) C:\Users\Oliver\Downloads\FRST64.exe
2014-01-07 14:52 - 2014-01-07 14:52 - 00050477 _____ C:\Users\Oliver\Downloads\Defogger(1).exe
2014-01-07 14:52 - 2014-01-07 14:49 - 00000474 _____ C:\Users\Oliver\Desktop\defogger_disable.log
2014-01-07 14:49 - 2014-01-07 14:49 - 00000000 _____ C:\Users\Oliver\defogger_reenable
2014-01-07 14:49 - 2013-11-19 11:35 - 00000000 ____D C:\Users\Oliver
2014-01-07 14:47 - 2014-01-07 14:47 - 00050477 _____ C:\Users\Oliver\Downloads\Defogger.exe
2014-01-07 14:47 - 2013-11-29 08:42 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-07 14:42 - 2013-06-25 20:08 - 00000000 ____D C:\Users\Oliver\Documents\Outlook-Dateien
2014-01-07 14:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-07 14:02 - 2013-06-20 11:06 - 00000000 ____D C:\Users\Oliver\Documents\Dokumente
2014-01-07 13:56 - 2013-06-20 11:05 - 00000000 ____D C:\Users\Oliver\Documents\Auswertungen
2014-01-07 13:21 - 2013-11-19 11:55 - 01153413 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-07 13:14 - 2013-11-19 12:12 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B450B476-3EEC-4B52-94D0-C2F6FD6170A6}
2014-01-03 08:15 - 2013-06-20 11:16 - 00000000 ____D C:\Users\Oliver\Documents\Studium
2014-01-03 07:13 - 2013-09-30 05:14 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-03 07:13 - 2013-09-30 04:56 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-03 07:13 - 2013-09-30 04:56 - 00160376 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-31 13:25 - 2013-10-25 09:17 - 00503808 ___SH C:\Users\Oliver\Desktop\Thumbs.db
2013-12-31 09:56 - 2013-06-20 08:11 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3691925902-789438496-117329320-1001
2013-12-31 09:26 - 2013-12-31 09:26 - 00000000 ____D C:\Users\Oliver\AppData\Local\PDF24
2013-12-31 09:19 - 2013-12-31 09:19 - 00001099 _____ C:\Users\Oliver\Desktop\Mozilla Firefox.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003231 _____ C:\Users\Oliver\Desktop\Microsoft Outlook 2010.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003095 _____ C:\Users\Oliver\Desktop\Microsoft PowerPoint 2010.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003047 _____ C:\Users\Oliver\Desktop\Microsoft Excel 2010.lnk
2013-12-31 09:18 - 2013-12-31 09:18 - 00003029 _____ C:\Users\Oliver\Desktop\Microsoft Word 2010.lnk
2013-12-31 09:16 - 2013-12-31 09:16 - 00001193 _____ C:\Users\Oliver\Desktop\Sticky Notes.lnk
2013-12-31 09:06 - 2013-12-31 09:05 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-31 09:05 - 2013-12-31 09:05 - 00001091 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2013-12-31 09:05 - 2013-12-31 09:05 - 00001071 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-12-31 08:50 - 2013-12-31 08:49 - 16189768 _____ (Geek Software GmbH ) C:\Users\Oliver\Downloads\pdf24-creator-6.2.0.exe
2013-12-27 16:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-27 09:25 - 2013-12-27 09:25 - 00000306 __RSH C:\Users\Oliver\ntuser.pol
2013-12-27 09:25 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-12-27 09:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2013-12-27 09:17 - 2013-12-27 09:16 - 18277248 _____ (pdfforge ) C:\Users\Oliver\Downloads\PDFCreator-1_7_2_setup(1).exe
2013-12-26 23:24 - 2013-12-26 23:24 - 00129392 _____ C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 23:24 - 2013-12-26 23:24 - 00000000 ____D C:\Users\Oliver\AppData\Roaming\PDF Architect
2013-12-26 23:17 - 2013-12-26 23:16 - 18277248 _____ (pdfforge ) C:\Users\Oliver\Downloads\PDFCreator-1_7_2_setup.exe
2013-12-24 16:26 - 2013-09-29 20:04 - 00109934 _____ C:\WINDOWS\PFRO.log
2013-12-24 16:26 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-24 16:25 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-18 14:52 - 2013-06-20 11:16 - 00000000 ____D C:\Users\Oliver\Documents\Orietta
2013-12-17 15:13 - 2013-12-17 15:13 - 00000000 ____D C:\Users\Oliver\AppData\Roaming\Avira
2013-12-17 15:12 - 2013-12-17 15:12 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-17 15:12 - 2013-12-17 15:12 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-17 15:11 - 2013-12-17 15:11 - 00002082 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-17 15:10 - 2013-12-17 15:10 - 00000000 ____D C:\ProgramData\Avira
2013-12-17 15:10 - 2013-12-17 15:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-17 15:06 - 2013-12-17 14:59 - 129598176 _____ C:\Users\Oliver\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-16 20:19 - 2013-12-16 20:19 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2013-12-16 20:15 - 2013-12-16 20:14 - 00000984 _____ C:\DelFix.txt
2013-12-16 19:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-16 10:40 - 2013-11-27 07:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-15 12:29 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-15 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-15 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-15 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-15 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-15 12:07 - 2013-08-22 15:46 - 00290919 _____ C:\WINDOWS\setupact.log
2013-12-15 10:56 - 2013-08-14 10:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 10:54 - 2013-06-20 15:19 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-14 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-12-13 11:54 - 2013-12-13 11:54 - 00663476 _____ C:\WINDOWS\system32\s000000.dat
2013-12-13 08:39 - 2013-11-27 07:14 - 00000000 ____D C:\Users\Oliver\AppData\Local\Mozilla
2013-12-13 08:26 - 2013-10-10 07:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 07:56 - 2013-12-13 07:56 - 00000040 _____ C:\WINDOWS\system32\sstate_prev.sdt
2013-12-13 07:56 - 2013-12-13 07:56 - 00000000 _____ C:\WINDOWS\system32\sstates.sdt
2013-12-12 22:19 - 2013-08-22 15:44 - 00509056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 22:16 - 2013-12-12 22:16 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-12-12 22:16 - 2013-06-25 19:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 12:22 - 2013-12-12 12:22 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-12-10 19:47 - 2013-11-29 08:42 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-09 11:37 - 2013-12-17 15:10 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-17 15:10 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-17 15:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-17 15:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-28 11:08
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Oliver at 2014-01-07 14:55:29
Running from C:\Users\Oliver\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) MUI (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2949 - APN, LLC)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
DivX-Setup (x32 Version: 2.6.1.8 - DivX, LLC)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Intel AppUp(R) center (x32 Version: 3.8.0.41505.25 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.3.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
PDF24 Creator 6.2.0 (x32 Version: - PDF24.org)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Secunia PSI (3.0.0.8013) (x32 Version: 3.0.0.8013 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (Version: 16.2.16.2 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VAIO Care (Version: 8.2.0.15030 - Sony Corporation)
VAIO Control Center (x32 Version: 6.1.0.10300 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (x32 Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 2.1.0.10220 - Sony Corporation)
VAIO Media Server Settings (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (x32 Version: 6.3.0.08010 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (x32 Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (x32 Version: 3.0.0.08100 - Sony Corporation)
VAIO-Hardwarediagnose-Plugin für VAIO Care (x32 Version: 4.7.0.11070 - Sony Corporation)
VAIO-Support für Übertragungen (x32 Version: 1.9.0.11060 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinPatrol (Version: 28.9.2013.1 - BillP Studios)
WinRAR 5.00 (32-bit) (x32 Version: 5.00.0 - win.rar GmbH)
Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)
==================== Restore Points =========================
17-12-2013 17:43:47 Geplanter Prüfpunkt
25-12-2013 16:27:55 Geplanter Prüfpunkt
31-12-2013 08:10:01 Removed PDF Architect
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0743CB7A-FEB5-49B4-9711-6F08C70E6D8B} - \DigitalSite No Task File
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0F8799CD-3316-4081-99B5-BFE2B1566C63} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {14CBC852-9DE5-40D3-B7B9-88B2BB72D98B} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23B433D7-A347-464A-BA10-31C4B3A02CFB} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {2B300CC1-D974-496D-8B91-28BE3DA3179F} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35B4B4A6-E280-4C5C-A9FD-10249E1EF762} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3DA6F7C7-B8C2-47B5-B22A-37D940478087} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {443D566B-B316-4A6C-B395-67275E6363F6} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {4668C1E3-BE50-46EC-AAC9-B26F0D0D9794} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {494E381C-E72C-4D0C-8B8D-22E8E3745F63} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5FD4C572-2534-47BA-8334-D25AC6453030} - System32\Tasks\Sony Corporation\VAIO Care Rescue Tool => C:\Windows\Temp\VAIO Care Rescue Tool.vbs
Task: {63426204-48C9-49AD-B1EE-A160A46A2DA3} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {684E87BD-EB58-4A0E-B85D-65564BA5DC7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {794D9EEF-5B2D-4AA6-904A-6A2DA0D3E9BF} - \EPUpdater No Task File
Task: {7EC4E931-034E-4AC1-8A88-ED410BE4504A} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {7EE90040-4295-4350-81DF-72418B5A4D8A} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C84538D-F861-451D-9288-76F62CF536E4} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {96277954-F27E-4E48-BEA8-098F3085F071} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD09F04B-448C-4E0B-99D2-A1C6F3EE94A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {B07836CE-BD74-45A4-8C0C-32DE6C548C60} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7708387-0B83-49C1-8ADF-F1AF1354C1C5} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E16FDBF1-0378-4B5A-A91B-1F04D26D5CFB} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {E5665D39-E73C-4009-82BC-0A6720B97B6E} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F467A3AA-5245-4DFB-B44F-8C1291F926B0} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {FC152B79-4416-4BF6-8E44-B451B32E942F} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {FC75B844-873F-48B8-A325-55F848090FC6} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-05 19:28 - 2012-11-05 19:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-11-05 19:23 - 2012-11-05 19:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-11-05 19:26 - 2012-11-05 19:26 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-20 13:49 - 2013-11-20 13:49 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-12-12 13:09 - 2013-12-12 13:09 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\e0e7493cf161f0e0899caa7eb5e0e259\Windows.Globalization.ni.dll
2013-12-12 13:07 - 2013-12-12 13:07 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\432868bf54b081b16eaf68729020b30a\Windows.Foundation.ni.dll
2013-12-12 13:09 - 2013-12-12 13:09 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\e8f8737bea4f0df4b88bbc4bf24fa2a8\Windows.System.ni.dll
2013-12-12 13:10 - 2013-12-12 13:10 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\4c323000d6c8d1d462abb0968333c937\Windows.Storage.ni.dll
2013-12-12 13:11 - 2013-12-12 13:11 - 00028160 _____ () C:\Users\Oliver\AppData\Local\Packages\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\5bf99992f103eeb416af8751401af835\Microsoft.PerfTrack.ni.dll
2013-12-12 13:09 - 2013-12-12 13:09 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\600862031eb4d4cfdc6f4d2025a7990e\Windows.ApplicationModel.ni.dll
2013-12-17 15:10 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-17 11:40 - 2012-09-29 17:21 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-23 11:53 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-11-27 07:13 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth VDP Device
Description: Bluetooth VDP Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_VDP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2014 02:12:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (01/05/2014 07:52:42 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (01/05/2014 05:30:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27453
Error: (01/05/2014 05:30:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27453
Error: (01/05/2014 05:30:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/05/2014 05:30:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13438
Error: (01/05/2014 05:30:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13438
Error: (01/05/2014 05:30:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/05/2014 00:55:24 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (01/04/2014 08:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14156
System errors:
=============
Error: (01/07/2014 01:14:26 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/06/2014 08:52:02 PM) (Source: DCOM) (User: VAIO)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/06/2014 08:51:32 PM) (Source: DCOM) (User: VAIO)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/06/2014 08:06:52 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/05/2014 00:26:46 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/04/2014 00:05:22 PM) (Source: DCOM) (User: VAIO)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/04/2014 00:04:52 PM) (Source: DCOM) (User: VAIO)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/04/2014 10:19:13 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/03/2014 10:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/03/2014 06:26:04 AM) (Source: DCOM) (User: VAIO)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Microsoft Office Sessions:
=========================
Error: (01/07/2014 02:12:29 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (01/05/2014 07:52:42 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (01/05/2014 05:30:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27453
Error: (01/05/2014 05:30:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27453
Error: (01/05/2014 05:30:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/05/2014 05:30:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13438
Error: (01/05/2014 05:30:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13438
Error: (01/05/2014 05:30:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/05/2014 00:55:24 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (01/04/2014 08:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14156
CodeIntegrity Errors:
===================================
Date: 2013-10-25 09:57:32.239
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\Drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 3975.27 MB
Available physical RAM: 1225.38 MB
Total Pagefile: 7815.27 MB
Available Pagefile: 2438.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:268.26 GB) (Free:206.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7D39502D)
Partition: GPT Partition Type
==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-07 15:10:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 Hitachi_HTS543232A7A384 rev.ES2OA90C 298,09GB
Running: 3j8wef4i.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\pxldypog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000c8700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960000c8710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\System32\igfxpers.exe[3076] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe057a169a 4 bytes [7A, 05, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[3076] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe057a16a2 4 bytes [7A, 05, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[3076] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe057a181a 4 bytes [7A, 05, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[3076] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe057a1832 4 bytes [7A, 05, FE, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3040] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdead31f6a 4 bytes [D3, EA, FD, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3040] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdead31f82 4 bytes [D3, EA, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe057a169a 4 bytes [7A, 05, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe057a16a2 4 bytes [7A, 05, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe057a181a 4 bytes [7A, 05, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3792] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe057a1832 4 bytes [7A, 05, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4444] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe057a169a 4 bytes [7A, 05, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4444] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe057a16a2 4 bytes [7A, 05, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4444] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe057a181a 4 bytes [7A, 05, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4444] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe057a1832 4 bytes [7A, 05, FE, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\svchost.exe [556:4248] 00007ffde75a2b48
Thread C:\WINDOWS\system32\svchost.exe [556:4256] 00007ffdfd37130c
Thread C:\WINDOWS\system32\svchost.exe [556:4260] 00007ffdfd37130c
Thread C:\WINDOWS\system32\svchost.exe [556:1396] 00007ffdfad35340
Thread C:\WINDOWS\system32\svchost.exe [556:5464] 00007ffe018338e0
Thread C:\WINDOWS\system32\svchost.exe [556:6796] 00007ffdf9ef11b0
Thread C:\WINDOWS\system32\svchost.exe [556:5764] 00007ffde18c1f3c
Thread C:\WINDOWS\system32\DllHost.exe [5576:5624] 00007ffdfb857bb0
Thread C:\WINDOWS\System32\vds.exe [1304:2096] 00007ffdf96857d4
Thread C:\WINDOWS\System32\vds.exe [1304:784] 00007ffdf964c994
Thread C:\WINDOWS\System32\vds.exe [1304:704] 00007ffdf964c654
Thread C:\WINDOWS\System32\vds.exe [1304:2400] 00007ffdf964c1f0
Thread C:\WINDOWS\System32\vds.exe [1304:684] 00007ffdf95ed8c0
Thread C:\WINDOWS\system32\csrss.exe [3692:1876] fffff960008264d0
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 00000000000b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 0000000074340000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 0000000074300000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 00000000742c0000
Library c:\program files (x86)\avira\antivir desktop\gpgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 0000000074280000
Library c:\program files (x86)\avira\antivir desktop\gpschd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 0000000074250000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 0000000074150000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 0000000074140000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1368] 00000000740d0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000008f0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000074340000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000074300000
Library c:\program files (x86)\avira\antivir desktop\gpgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000074280000
Library c:\program files (x86)\avira\antivir desktop\gpgrd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000073e20000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000742c0000
Library c:\program files (x86)\avira\antivir desktop\gpgui.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000739f0000
Library c:\program files (x86)\avira\antivir desktop\gplegacy.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000073460000
Library c:\program files (x86)\avira\antivir desktop\gpgenrep.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000073450000
Library c:\program files (x86)\avira\antivir desktop\onlcfg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000072c30000
Library c:\program files (x86)\avira\antivir desktop\avlode.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000728b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libcurl.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000074a10000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\LIBEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000072630000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\SSLEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071c60000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avwinll.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071890000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071770000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071400000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071280000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000722f0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000072040000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071f90000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071ed0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000722b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000070c60000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000072260000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071e60000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeexp.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071df0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000010000000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aebb.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000000db0000
Library c:\program files (x86)\avira\antivir desktop\apcfile.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071da0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libaprutil-1.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071d60000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libapr-1.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071740000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libapriconv-1.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000074c40000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000072940000
Library c:\program files (x86)\avira\antivir desktop\gpavgio.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000714a0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avgio.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071dd0000
Library c:\program files (x86)\avira\antivir desktop\avesvc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071470000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000074150000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\guardmsg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000073e50000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 00000000740d0000
Library c:\program files (x86)\avira\antivir desktop\avreg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000070bd0000
Library c:\program files (x86)\avira\antivir desktop\avesvcr.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000073e40000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\msgclient.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000070b90000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avpref.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1680] 0000000071d50000
Library C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (*** suspicious ***) @ C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [1736] 0000000000c20000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe [2716] 0000000140000000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 0000000001280000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\msgclient.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 0000000070b90000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 0000000072940000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdw.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 00000000706f0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 0000000070630000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 0000000074300000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 0000000074150000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 00000000738a0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 00000000740d0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\AVSCANRC.DLL (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [3132] 000000005cf80000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000000930000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070630000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000074300000
Library c:\program files (x86)\avira\antivir desktop\ccguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000071320000
Library c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000071420000
Library c:\program files (x86)\avira\antivir desktop\ccgrdw.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 00000000702c0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000074340000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 00000000742c0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000072940000
Library c:\program files (x86)\avira\antivir desktop\ccwgrd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070190000
Library c:\program files (x86)\avira\antivir desktop\ccwgrdrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000071300000
Library c:\program files (x86)\avira\antivir desktop\ccwgrdw.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070160000
Library c:\program files (x86)\avira\antivir desktop\ccfwmgt.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070120000
Library c:\program files (x86)\avira\antivir desktop\ccfwmgtrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070560000
Library c:\program files (x86)\avira\antivir desktop\ccgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070040000
Library c:\program files (x86)\avira\antivir desktop\ccgenrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006f570000
Library c:\program files (x86)\avira\antivir desktop\ccupdate.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006f530000
Library c:\program files (x86)\avira\antivir desktop\ccupdrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006f520000
Library c:\program files (x86)\avira\antivir desktop\cclic.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006f500000
Library c:\program files (x86)\avira\antivir desktop\cclicrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006f4f0000
Library c:\program files (x86)\avira\antivir desktop\ccmsg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006eec0000
Library c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 000000006eeb0000
Library c:\program files (x86)\avira\antivir desktop\ccmainrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 0000000070310000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdw.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1500] 00000000706f0000
Library C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (*** suspicious ***) @ C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2976] 0000000001370000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.07.03
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Oliver :: VAIO [Administrator]
07.01.2014 15:14:52
MBAM-log-2014-01-07 (15-24-46).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227348
Laufzeit: 9 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Keine Aktion durchgeführt.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
I would be very glad if you could please help me further.
Best regards
Cayman