slayerized92 | 13.09.2014 15:29 | Hi,
I thought that if it didn't all fit into one post, I should attach it. Sorry for the misunderstanding.
Here are the logs, part 1. Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Philip at 2014-09-12 21:08:25
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnyProtect (HKLM\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.29 - Dropbox, Inc.)
EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
Launch Manager (HKLM\...\LManager) (Version: 3.0.07 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.0 (x86 de)) (Version: 31.1.0 - Mozilla)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Sweet Page (HKLM\...\sweet-page uninstaller) (Version: - sweet-page) <==== ATTENTION
Transcribe! 7.05 (HKLM\...\Transcribe!_is1) (Version: 7.05 - Seventh String Software)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226238308-3715390832-3613772639-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
20-08-2014 09:35:33 Windows Update
21-08-2014 21:03:58 Installed calibre
30-08-2014 09:10:35 Windows Update
31-08-2014 17:08:02 Windows Update
01-09-2014 19:36:10 Windows Update
06-09-2014 07:17:19 Windows Update
06-09-2014 08:04:42 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2014-08-03 19:40 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1ECD2D98-335A-440A-A326-64CBD74B35C8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2655F762-A0F7-4F38-9B50-5DCD4251EFFA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {34D1B738-8771-4B25-9191-5CFAE0A5D1CA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {54FF06C6-E6AC-4BCC-8837-CE9CFBF843BF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A6612EC5-7BD7-49CD-96A7-50187EF8349C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D74FD37A-372C-425F-8211-FEE72FB1F3EE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F7D5183D-B7B1-47B5-AF12-B5EA4F6645A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-08 00:21 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Philip\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-12 20:07 - 2014-09-12 20:07 - 00043008 _____ () c:\users\philip\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqe4o6n.dll
2014-09-08 00:20 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Philip\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-04 21:14 - 2014-08-04 21:14 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-08-03 22:29 - 2014-03-18 12:40 - 04327936 _____ () C:\Program Files\UseNeXT\UseNeXT.exe
2013-08-03 22:29 - 2014-03-06 10:24 - 00041472 _____ () C:\Program Files\UseNeXT\Par2Calc.dll
2013-08-03 22:29 - 2014-03-06 10:18 - 00160768 _____ () C:\Program Files\UseNeXT\unrar.dll
2014-07-09 13:17 - 2014-07-09 13:17 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-09-12 21:04 - 2014-09-12 21:04 - 00050477 _____ () C:\Users\Philip\Downloads\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Philip\Downloads\7z920.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\epson327066eu.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\Firefox Setup Stub 29.0.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\vlc-2.0.8-win32.exe:BDU
AlternateDataStreams: C:\Users\Philip\Downloads\Windows7-USB-DVD1024-tool.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2014 11:01:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5601
Error: (09/12/2014 11:01:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5601
Error: (09/12/2014 11:01:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 08:49:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5350
Error: (09/07/2014 08:49:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5350
Error: (09/07/2014 08:49:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 08:49:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4321
Error: (09/07/2014 08:49:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4321
Error: (09/07/2014 08:49:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 08:49:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198
System errors:
=============
Error: (09/12/2014 08:51:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (09/11/2014 10:20:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Error: (08/22/2014 11:19:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (08/21/2014 10:26:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 21.08.2014 um 11:01:26 unerwartet heruntergefahren.
Error: (08/20/2014 07:03:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
Error: (08/20/2014 07:03:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Error: (08/20/2014 06:43:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/20/2014 06:43:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}
Error: (08/20/2014 00:22:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (08/20/2014 00:22:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (09/12/2014 11:01:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5601
Error: (09/12/2014 11:01:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5601
Error: (09/12/2014 11:01:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 08:49:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5350
Error: (09/07/2014 08:49:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5350
Error: (09/07/2014 08:49:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 08:49:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4321
Error: (09/07/2014 08:49:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4321
Error: (09/07/2014 08:49:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 08:49:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198
CodeIntegrity Errors:
===================================
Date: 2013-08-05 13:22:14.834
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00198_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-05 13:04:36.548
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00198_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-05 12:54:27.310
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00198_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-05 12:40:25.676
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00198_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-05 12:24:29.186
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00198_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-03 23:34:18.526
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00198_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-03 23:22:06.640
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-03 23:13:38.480
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-03 23:04:49.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 2972.93 MB
Available physical RAM: 1643.39 MB
Total Pagefile: 5944.15 MB
Available Pagefile: 4317.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.9 GB) (Free:106.66 GB) NTFS
Drive d: (Daten) (Fixed) (Total:315.76 GB) (Free:90.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5D64B986)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Philip (administrator) on PHILIP-PC on 12-09-2014 21:06:54
Running from C:\Users\Philip\Downloads
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBU.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Philip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\UseNeXT\UseNeXT.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
() C:\Users\Philip\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1136648 2009-09-04] (Dritek System Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-05] (Microsoft Corporation)
HKU\S-1-5-21-4226238308-3715390832-3613772639-1001\...\Run: [Epson Stylus Office BX620FWD(Netzwerk)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE [201216 2013-08-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4226238308-3715390832-3613772639-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4226238308-3715390832-3613772639-1001\...\Run: [Spotify Web Helper] => C:\Users\Philip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-11] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34720E207A90CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\5ydzpxmx.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\5ydzpxmx.default\Extensions\abs@avira.com [2014-09-08]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-17] (Disc Soft Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S1 DritekPortIO; \??\C:\Program Files\Launch Manager\DPortIO.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-12 21:06 - 2014-09-12 21:07 - 00010272 _____ () C:\Users\Philip\Downloads\FRST.txt
2014-09-12 21:06 - 2014-09-12 21:07 - 00000000 ____D () C:\FRST
2014-09-12 21:06 - 2014-09-12 21:06 - 01097728 _____ (Farbar) C:\Users\Philip\Downloads\FRST.exe
2014-09-12 21:05 - 2014-09-12 21:05 - 00000544 _____ () C:\Users\Philip\Downloads\defogger_disable.log
2014-09-12 21:05 - 2014-09-12 21:05 - 00000156 _____ () C:\Users\Philip\defogger_reenable
2014-09-12 21:04 - 2014-09-12 21:04 - 00050477 _____ () C:\Users\Philip\Downloads\Defogger.exe
2014-09-08 09:48 - 2014-09-08 09:48 - 01057472 _____ (Adobe) C:\Users\Philip\Downloads\install_flashplayer14x32au_mssd_aaa_aih(1).exe
2014-09-08 00:26 - 2014-09-08 00:26 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Avira
2014-09-08 00:25 - 2014-09-08 00:22 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-08 00:24 - 2014-09-12 20:09 - 00000000 ___RD () C:\Users\Philip\Dropbox
2014-09-08 00:24 - 2014-09-08 00:24 - 00001041 _____ () C:\Users\Philip\Desktop\Dropbox.lnk
2014-09-08 00:20 - 2014-09-08 00:20 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-08 00:20 - 2014-08-15 10:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-09-08 00:19 - 2014-08-15 10:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-08 00:19 - 2014-08-15 10:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-08 00:19 - 2014-08-15 10:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-08 00:17 - 2014-09-12 20:09 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Dropbox
2014-09-08 00:17 - 2014-09-08 00:17 - 00323696 _____ (Dropbox, Inc.) C:\Users\Philip\Downloads\DropboxInstaller.exe
2014-09-08 00:14 - 2014-09-08 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 00:14 - 2014-09-08 00:19 - 00000000 ____D () C:\ProgramData\Avira
2014-09-08 00:14 - 2014-09-08 00:19 - 00000000 ____D () C:\Program Files\Avira
2014-09-08 00:14 - 2014-09-08 00:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 00:14 - 2014-09-08 00:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 00:07 - 2014-09-08 00:07 - 04755688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Philip\Downloads\avira_de_av___ws.exe
2014-09-08 00:05 - 2014-09-08 00:05 - 02209056 _____ () C:\Users\Philip\Downloads\avira-eu-cleaner_de.exe
2014-09-08 00:05 - 2014-09-08 00:05 - 00002033 _____ () C:\Users\Philip\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-09-08 00:05 - 2014-09-08 00:05 - 00001977 _____ () C:\Users\Philip\Desktop\Avira EU-Cleaner.lnk
2014-09-07 07:29 - 2014-09-07 20:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-06 09:17 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-05 10:49 - 2014-09-09 07:00 - 00015633 ____H () C:\Users\Philip\Desktop\~WRL0665.tmp
2014-09-01 21:44 - 2014-09-01 21:44 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dublinbet
2014-09-01 21:36 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-01 21:36 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-01 21:33 - 2014-09-01 21:33 - 01058200 _____ (Adobe) C:\Users\Philip\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-09-01 21:31 - 2014-09-01 21:31 - 00000000 ____D () C:\Windows\system32\Lang
2014-09-01 21:31 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2014-09-01 21:31 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2014-09-01 21:31 - 2009-09-02 11:16 - 00121232 _____ () C:\Windows\system32\IScrNB.bmp
2014-08-31 19:10 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-31 19:10 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-31 19:10 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-31 19:09 - 2014-08-31 19:09 - 00000000 ____D () C:\Windows\system32\x64
2014-08-31 19:09 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-31 19:09 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-31 19:09 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-31 19:09 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-31 19:09 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-31 19:09 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-31 19:09 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-31 19:09 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-31 19:09 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-31 19:09 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-31 19:09 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-31 19:09 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2014-08-31 19:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 19:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-31 19:07 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-31 19:07 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-21 23:32 - 2014-08-21 23:32 - 00000000 ____D () C:\Users\Philip\AppData\Local\Adobe
2014-08-21 23:06 - 2014-08-21 23:06 - 00000000 ____D () C:\Users\Philip\AppData\Local\calibre-cache
2014-08-21 23:05 - 2014-08-22 01:15 - 00000000 ____D () C:\Users\Philip\Documents\Calibre-Bibliothek
2014-08-21 23:05 - 2014-08-21 23:06 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\calibre
2014-08-21 23:04 - 2014-08-21 23:04 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-08-21 23:04 - 2014-08-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-21 23:04 - 2014-08-21 23:04 - 00000000 ____D () C:\Program Files\Calibre2
2014-08-21 22:56 - 2014-08-21 22:56 - 01101648 _____ () C:\Users\Philip\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-08-18 22:01 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-18 22:01 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-18 22:01 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-18 22:01 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-18 22:01 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-18 22:01 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-18 22:01 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-18 22:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-18 22:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-17 18:06 - 2014-08-17 18:07 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-17 18:06 - 2014-08-17 18:06 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\pdfforge
2014-08-17 18:06 - 2014-08-17 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-17 18:06 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2014-08-17 18:06 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2014-08-17 18:06 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-08-17 18:06 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2014-08-17 18:06 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2014-08-17 18:06 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2014-08-17 18:06 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2014-08-17 18:04 - 2014-08-17 18:05 - 27843432 _____ (pdfforge ) C:\Users\Philip\Downloads\PDFCreator-1_7_3_setup.exe
2014-08-17 16:18 - 2014-08-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-08-17 16:18 - 2014-08-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-17 16:16 - 2014-08-17 16:16 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-08-17 16:15 - 2014-08-17 16:15 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-17 16:13 - 2014-08-17 16:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 16:13 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-17 16:13 - 2014-08-17 16:13 - 00000000 __RHD () C:\MSOCache
2014-08-17 16:13 - 2014-08-17 16:13 - 00000000 ____D () C:\Users\Philip\AppData\Local\Microsoft Help
2014-08-17 16:06 - 2014-08-17 16:09 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\DAEMON Tools Lite
2014-08-17 16:06 - 2014-08-17 16:06 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-08-17 16:06 - 2014-08-17 16:06 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-08-17 16:05 - 2014-08-17 16:09 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Thunderbird
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Users\Philip\AppData\Local\Thunderbird
2014-08-17 15:54 - 2014-08-17 15:54 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-17 15:54 - 2014-08-17 15:54 - 00002036 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-17 15:52 - 2014-08-17 15:52 - 26310952 _____ (Mozilla) C:\Users\Philip\Downloads\Thunderbird Setup 31.0.exe
2014-08-13 22:24 - 2014-08-13 22:24 - 00000709 _____ () C:\Users\Philip\Desktop\Imre.txt
2014-08-13 11:45 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 11:45 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 11:45 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 11:45 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 11:40 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 11:40 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 11:40 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 11:40 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 11:40 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 11:40 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 11:40 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 11:40 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 11:40 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 11:40 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 11:40 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 11:40 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 11:40 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 11:40 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 11:40 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 11:40 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 11:40 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 11:40 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 11:40 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 11:40 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 11:40 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 11:40 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 11:40 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 11:40 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 11:40 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 11:40 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 11:40 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 11:40 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 11:40 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 11:40 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 11:40 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 11:40 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 11:40 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 11:40 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 11:40 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 11:40 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 11:40 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 11:40 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 11:40 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 11:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 11:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 11:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 11:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 11:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 11:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 11:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 11:38 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 11:38 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-12 21:07 - 2014-09-12 21:06 - 00010272 _____ () C:\Users\Philip\Downloads\FRST.txt
2014-09-12 21:07 - 2014-09-12 21:06 - 00000000 ____D () C:\FRST
2014-09-12 21:06 - 2014-09-12 21:06 - 01097728 _____ (Farbar) C:\Users\Philip\Downloads\FRST.exe
2014-09-12 21:05 - 2014-09-12 21:05 - 00000544 _____ () C:\Users\Philip\Downloads\defogger_disable.log
2014-09-12 21:05 - 2014-09-12 21:05 - 00000156 _____ () C:\Users\Philip\defogger_reenable
2014-09-12 21:05 - 2013-08-03 20:47 - 00000000 ____D () C:\Users\Philip
2014-09-12 21:04 - 2014-09-12 21:04 - 00050477 _____ () C:\Users\Philip\Downloads\Defogger.exe
2014-09-12 21:04 - 2014-05-06 12:48 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\UseNeXT
2014-09-12 20:53 - 2013-08-03 20:47 - 01942143 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 20:44 - 2013-08-07 17:53 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\vlc
2014-09-12 20:19 - 2009-07-14 06:34 - 00018256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 20:19 - 2009-07-14 06:34 - 00018256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 20:17 - 2014-05-06 15:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 20:09 - 2014-09-08 00:24 - 00000000 ___RD () C:\Users\Philip\Dropbox
2014-09-12 20:09 - 2014-09-08 00:17 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Dropbox
2014-09-12 20:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 20:06 - 2009-07-14 06:39 - 00042526 _____ () C:\Windows\setupact.log
2014-09-12 09:59 - 2013-08-05 13:24 - 00248164 _____ () C:\Windows\PFRO.log
2014-09-12 08:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\SchCache
2014-09-11 17:14 - 2014-05-30 18:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 17:10 - 2010-06-08 20:59 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 10:04 - 2014-08-05 16:23 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Spotify
2014-09-11 09:09 - 2014-08-05 16:24 - 00000000 ____D () C:\Users\Philip\AppData\Local\Spotify
2014-09-09 07:00 - 2014-09-05 10:49 - 00015633 ____H () C:\Users\Philip\Desktop\~WRL0665.tmp
2014-09-08 09:48 - 2014-09-08 09:48 - 01057472 _____ (Adobe) C:\Users\Philip\Downloads\install_flashplayer14x32au_mssd_aaa_aih(1).exe
2014-09-08 09:45 - 2013-08-03 20:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-08 00:26 - 2014-09-08 00:26 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Avira
2014-09-08 00:24 - 2014-09-08 00:24 - 00001041 _____ () C:\Users\Philip\Desktop\Dropbox.lnk
2014-09-08 00:22 - 2014-09-08 00:25 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-08 00:21 - 2014-09-08 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 00:20 - 2014-09-08 00:20 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-08 00:19 - 2014-09-08 00:14 - 00000000 ____D () C:\ProgramData\Avira
2014-09-08 00:19 - 2014-09-08 00:14 - 00000000 ____D () C:\Program Files\Avira
2014-09-08 00:17 - 2014-09-08 00:17 - 00323696 _____ (Dropbox, Inc.) C:\Users\Philip\Downloads\DropboxInstaller.exe
2014-09-08 00:14 - 2014-09-08 00:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 00:14 - 2014-09-08 00:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 00:07 - 2014-09-08 00:07 - 04755688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Philip\Downloads\avira_de_av___ws.exe
2014-09-08 00:05 - 2014-09-08 00:05 - 02209056 _____ () C:\Users\Philip\Downloads\avira-eu-cleaner_de.exe
2014-09-08 00:05 - 2014-09-08 00:05 - 00002033 _____ () C:\Users\Philip\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-09-08 00:05 - 2014-09-08 00:05 - 00001977 _____ () C:\Users\Philip\Desktop\Avira EU-Cleaner.lnk
2014-09-07 20:12 - 2014-09-07 07:29 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-07 08:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-06 10:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-01 21:44 - 2014-09-01 21:44 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dublinbet
2014-09-01 21:44 - 2013-08-08 12:55 - 00002107 _____ () C:\Users\Philip\Desktop\dublinbet.lnk
2014-09-01 21:44 - 2013-08-08 12:55 - 00000000 ____D () C:\ProgramData\VueTec
2014-09-01 21:33 - 2014-09-01 21:33 - 01058200 _____ (Adobe) C:\Users\Philip\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-09-01 21:31 - 2014-09-01 21:31 - 00000000 ____D () C:\Windows\system32\Lang
2014-09-01 21:31 - 2013-08-03 20:52 - 00000000 ____D () C:\Program Files\Intel
2014-09-01 21:30 - 2009-07-14 06:33 - 00409104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 21:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-31 22:13 - 2009-07-14 11:03 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-08-31 19:09 - 2014-08-31 19:09 - 00000000 ____D () C:\Windows\system32\x64
2014-08-23 03:46 - 2014-08-31 19:07 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-31 19:07 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 01:15 - 2014-08-21 23:05 - 00000000 ____D () C:\Users\Philip\Documents\Calibre-Bibliothek
2014-08-21 23:32 - 2014-08-21 23:32 - 00000000 ____D () C:\Users\Philip\AppData\Local\Adobe
2014-08-21 23:06 - 2014-08-21 23:06 - 00000000 ____D () C:\Users\Philip\AppData\Local\calibre-cache
2014-08-21 23:06 - 2014-08-21 23:05 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\calibre
2014-08-21 23:04 - 2014-08-21 23:04 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-08-21 23:04 - 2014-08-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-21 23:04 - 2014-08-21 23:04 - 00000000 ____D () C:\Program Files\Calibre2
2014-08-21 22:56 - 2014-08-21 22:56 - 01101648 _____ () C:\Users\Philip\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-08-18 23:19 - 2013-08-03 21:07 - 00109672 _____ () C:\Users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 18:07 - 2014-08-17 18:06 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-17 18:06 - 2014-08-17 18:06 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\pdfforge
2014-08-17 18:06 - 2014-08-17 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-17 18:05 - 2014-08-17 18:04 - 27843432 _____ (pdfforge ) C:\Users\Philip\Downloads\PDFCreator-1_7_3_setup.exe
2014-08-17 17:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 16:27 - 2014-08-17 16:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 16:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-17 16:27 - 2009-07-14 04:04 - 00000580 _____ () C:\Windows\win.ini
2014-08-17 16:18 - 2014-08-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-08-17 16:18 - 2014-08-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-17 16:18 - 2009-07-14 11:15 - 00000000 ____D () C:\Windows\ShellNew
2014-08-17 16:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-08-17 16:17 - 2014-08-17 16:17 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-17 16:17 - 2014-08-17 16:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-17 16:17 - 2013-08-03 23:52 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-17 16:17 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-08-17 16:16 - 2014-08-17 16:16 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-08-17 16:15 - 2014-08-17 16:15 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-17 16:13 - 2014-08-17 16:13 - 00000000 __RHD () C:\MSOCache
2014-08-17 16:13 - 2014-08-17 16:13 - 00000000 ____D () C:\Users\Philip\AppData\Local\Microsoft Help
2014-08-17 16:09 - 2014-08-17 16:06 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\DAEMON Tools Lite
2014-08-17 16:09 - 2014-08-17 16:05 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-17 16:06 - 2014-08-17 16:06 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-08-17 16:06 - 2014-08-17 16:06 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Thunderbird
2014-08-17 15:55 - 2014-08-17 15:55 - 00000000 ____D () C:\Users\Philip\AppData\Local\Thunderbird
2014-08-17 15:54 - 2014-08-17 15:54 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-17 15:54 - 2014-08-17 15:54 - 00002036 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-17 15:52 - 2014-08-17 15:52 - 26310952 _____ (Mozilla) C:\Users\Philip\Downloads\Thunderbird Setup 31.0.exe
2014-08-15 10:30 - 2014-09-08 00:20 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-08-15 10:30 - 2014-09-08 00:19 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-09-08 00:19 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-09-08 00:19 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-13 22:24 - 2014-08-13 22:24 - 00000709 _____ () C:\Users\Philip\Desktop\Imre.txt
2014-08-13 19:13 - 2013-08-03 20:47 - 00000000 ____D () C:\Users\Philip\AppData\Local\VirtualStore
2014-08-13 18:35 - 2014-06-05 09:28 - 00000000 ____D () C:\Users\Philip\.tfo4
2014-08-13 14:57 - 2014-05-06 17:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 12:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-13 11:53 - 2013-08-07 17:53 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-13 11:53 - 2013-08-07 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-13 11:51 - 2013-08-19 21:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 11:49 - 2010-06-08 21:04 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\avgnt.exe
C:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqe4o6n.dll
C:\Users\Philip\AppData\Local\Temp\FileSystemView.dll
C:\Users\Philip\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Philip\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\kmsemul.exe
C:\Users\Philip\AppData\Local\Temp\MouseKeyboardCenterx86_1031.exe
C:\Users\Philip\AppData\Local\Temp\ose00000.exe
C:\Users\Philip\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-07 08:49
==================== End Of Log ============================
--- --- ---
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-12 21:27:35
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Philip\AppData\Local\Temp\pxdiapod.sys
---- System - GMER 2.1 ----
SSDT 93A53B2E ZwCreateSection
SSDT 93A53B38 ZwRequestWaitReplyPort
SSDT 93A53B33 ZwSetContextThread
SSDT 93A53B3D ZwSetSecurityObject
SSDT 93A53B42 ZwSystemDebugControl
SSDT 93A53ACF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C3EA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C78212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C7F58C 4 Bytes [2E, 3B, A5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C7F8E8 4 Bytes [38, 3B, A5, 93] {CMP [EBX], BH; MOVSD ; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C7F92C 4 Bytes [33, 3B, A5, 93] {XOR EDI, [EBX]; MOVSD ; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C7F9A8 4 Bytes [3D, 3B, A5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C7F9FC 4 Bytes [42, 3B, A5, 93]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtCreateFile 77275608 5 Bytes JMP 581B3D20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtFlushBuffersFile 77275998 5 Bytes JMP 5819C661 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtQueryFullAttributesFile 77276028 5 Bytes JMP 581B3820 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtReadFile 772762F8 5 Bytes JMP 5819C750 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtReadFileScatter 77276308 5 Bytes JMP 58A3E1FF C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtWriteFile 77276AA8 5 Bytes JMP 581B43D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtWriteFileGather 77276AB8 5 Bytes JMP 58A3E1AE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!LdrLoadDll 772922AE 5 Bytes JMP 60B21F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76E794E6 7 Bytes JMP 589DF55F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] kernel32.dll!QueryPerformanceCounter + 13 76E7C4E5 7 Bytes JMP 589DF582 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] kernel32.dll!LoadAppInitDlls + 355 76E7F5A6 7 Bytes JMP 581B06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] USER32.dll!GetWindowInfo 76B04B5E 5 Bytes JMP 588EE5A9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] GDI32.dll!GetViewportOrgEx + 26C 76D4884B 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] GDI32.dll!GetViewportOrgEx + 26C 76D4884B 7 Bytes JMP 589DF4E0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4672] USER32.dll!GetWindowInfo 76B04B5E 5 Bytes JMP 5840825D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4672] USER32.dll!ToUnicodeEx + 71 76B12223 7 Bytes JMP 58401BFA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateFile + 6 7727560E 4 Bytes [28, B8, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateFile + B 77275613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateKey + 6 7727564E 4 Bytes [68, B9, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateKey + B 77275653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateMutant + 6 7727568E 4 Bytes [68, BA, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateMutant + B 77275693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateSection + 6 7727572E 4 Bytes [A8, BA, 24, 00] {TEST AL, 0xba; AND AL, 0x0}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtCreateSection + B 77275733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtMapViewOfSection + B 77275C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenFile + 6 77275D1E 4 Bytes [68, B8, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenFile + B 77275D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenKey + 6 77275D4E 4 Bytes [A8, B9, 24, 00] {TEST AL, 0xb9; AND AL, 0x0}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenKey + B 77275D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenKeyEx + B 77275D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenMutant + 6 77275D9E 4 Bytes [28, BA, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenMutant + B 77275DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenProcess + 6 77275DCE 4 Bytes [68, BB, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenProcess + B 77275DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenProcessToken + 6 77275DDE 4 Bytes [A8, BB, 24, 00] {TEST AL, 0xbb; AND AL, 0x0}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenProcessToken + B 77275DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenProcessTokenEx + 6 77275DEE 4 Bytes [68, BC, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenProcessTokenEx + B 77275DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenSection + B 77275E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenThread + 6 77275E4E 4 Bytes [28, BB, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenThread + B 77275E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenThreadToken + 6 77275E5E 4 Bytes [28, BC, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenThreadToken + B 77275E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenThreadTokenEx + 6 77275E6E 4 Bytes [A8, BC, 24, 00] {TEST AL, 0xbc; AND AL, 0x0}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtOpenThreadTokenEx + B 77275E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtQueryAttributesFile + 6 77275F7E 4 Bytes [A8, B8, 24, 00] {TEST AL, 0xb8; AND AL, 0x0}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtQueryAttributesFile + B 77275F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtQueryFullAttributesFile + B 77276033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtSetInformationFile + 6 7727667E 4 Bytes [28, B9, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtSetInformationFile + B 77276683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtSetInformationThread + B 772766E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtUnmapViewOfSection + 6 772769FE 4 Bytes [28, BD, 24, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ntdll.dll!NtUnmapViewOfSection + B 77276A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] kernel32.dll!CreateProcessW 76E3204D 5 Bytes JMP 00250030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] kernel32.dll!CreateProcessA 76E32082 5 Bytes JMP 00250070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!ActivateKeyboardLayout 76AF8203 5 Bytes JMP 002904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!ScreenToClient 76AFA506 7 Bytes JMP 00290670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!RegisterClipboardFormatA 76AFC091 5 Bytes JMP 002902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!RegisterClipboardFormatW 76AFDF8D 5 Bytes JMP 002902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!SetCursor 76B03075 5 Bytes JMP 00290530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!MonitorFromWindow 76B03622 3 Bytes JMP 00290630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!MonitorFromWindow + 4 76B03626 3 Bytes [89, CC, CC] {MOV ESP, ECX; INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!PostMessageW 76B0447B 5 Bytes JMP 002905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!IsWindowVisible 76B04D69 7 Bytes JMP 002906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClientRect 76B054DD 7 Bytes JMP 002905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!MapWindowPoints 76B05CAA 5 Bytes JMP 00290570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetParent 76B06029 7 Bytes JMP 002906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!EmptyClipboard 76B1290C 5 Bytes JMP 00290130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!SetClipboardData 76B12962 5 Bytes JMP 00290170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClipboardData 76B12BA7 5 Bytes JMP 00290030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClipboardFormatNameW 76B15FD2 5 Bytes JMP 00290230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!SetClipboardViewer 76B16FF6 5 Bytes JMP 002904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClipboardFormatNameA 76B1700A 5 Bytes JMP 00290270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!ChangeClipboardChain 76B2147C 5 Bytes JMP 00290430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetTopWindow 76B224D9 7 Bytes JMP 00290730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!CloseClipboard 76B2446C 5 Bytes JMP 002900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!OpenClipboard 76B2447E 5 Bytes JMP 00290070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!IsClipboardFormatAvailable 76B244FF 5 Bytes JMP 002900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClipboardSequenceNumber 76B24513 5 Bytes JMP 00290330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClipboardOwner 76B24525 5 Bytes JMP 00290370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!CountClipboardFormats 76B2470A 5 Bytes JMP 002901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!EnumClipboardFormats 76B247EC 5 Bytes JMP 002901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetOpenClipboardWindow 76B2480B 5 Bytes JMP 002903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!SetCursorPos 76B3C1B0 5 Bytes JMP 00290770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetClipboardViewer 76B54AF7 5 Bytes JMP 00290470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] user32.DLL!GetPriorityClipboardFormat 76B54BF9 5 Bytes JMP 002903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!DeleteObject 76D45F14 5 Bytes JMP 002A01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SelectObject 76D46640 5 Bytes JMP 002A05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetTextColor 76D46906 5 Bytes JMP 002A0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetBkMode 76D469B1 5 Bytes JMP 002A08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!DeleteDC 76D46EAA 5 Bytes JMP 002A0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetDeviceCaps 76D46F7F 5 Bytes JMP 002A03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!ExtSelectClipRgn 76D47114 5 Bytes JMP 002A02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SelectClipRgn 76D47242 5 Bytes JMP 002A05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetStretchBltMode 76D47705 5 Bytes JMP 002A06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetCurrentObject 76D47917 5 Bytes JMP 002A0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextMetricsW 76D47B8F 5 Bytes JMP 002A0E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextAlign 76D47DAF 5 Bytes JMP 002A0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!IntersectClipRect 76D47DFE 5 Bytes JMP 002A03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!ExtTextOutW 76D48192 5 Bytes JMP 002A0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetTextAlign 76D4828E 5 Bytes JMP 002A09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetClipBox 76D48525 5 Bytes JMP 002A0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!MoveToEx 76D48C21 5 Bytes JMP 002A0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!StretchDIBits 76D4A53E 5 Bytes JMP 002A0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!RestoreDC 76D4A67B 5 Bytes JMP 002A0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SaveDC 76D4A74B 5 Bytes JMP 002A0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextExtentPoint32W 76D4B4B5 5 Bytes JMP 002A0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextFaceW 76D4B73A 2 Bytes JMP 002A0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextFaceW + 3 76D4B73D 2 Bytes [55, 89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetFontData 76D4BCC4 5 Bytes JMP 002A0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetWorldTransform 76D4C90A 5 Bytes JMP 002A06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!CreateDCA 76D4CCA9 5 Bytes JMP 002A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!CreateDCW 76D4CF79 5 Bytes JMP 002A00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!CreateICW 76D4CFD0 5 Bytes JMP 002A0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextMetricsA 76D4D0F2 5 Bytes JMP 002A0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!Rectangle 76D4F1E7 5 Bytes JMP 002A09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!LineTo 76D4F583 5 Bytes JMP 002A0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetICMMode 76D4FA8C 5 Bytes JMP 002A0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!ExtTextOutA 76D50D08 5 Bytes JMP 002A0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextExtentPoint32A 76D51167 5 Bytes JMP 002A0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!ExtEscape 76D52D31 5 Bytes JMP 002A02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!Escape 76D533E8 5 Bytes JMP 002A0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!ResetDCW 76D53A83 5 Bytes JMP 002A0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!EndPage 76D540C2 5 Bytes JMP 002A0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetPolyFillMode 76D567C9 5 Bytes JMP 002A0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SetMiterLimit 76D56985 5 Bytes JMP 002A0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetTextFaceA 76D60D12 5 Bytes JMP 002A0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!GetGlyphOutlineW 76D6C32A 5 Bytes JMP 002A0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!CreateScalableFontResourceW 76D6E987 5 Bytes JMP 002A0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!AddFontResourceW 76D6ED83 5 Bytes JMP 002A0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!RemoveFontResourceW 76D6F279 5 Bytes JMP 002A0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!AbortDoc 76D74E79 5 Bytes JMP 002A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!EndDoc 76D752C0 5 Bytes JMP 002A01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!StartPage 76D753AB 5 Bytes JMP 002A0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!StartDocW 76D75DC6 5 Bytes JMP 002A07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!BeginPath 76D7656D 5 Bytes JMP 002A0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!SelectClipPath 76D765C4 5 Bytes JMP 002A0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!CloseFigure 76D7661F 5 Bytes JMP 002A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!EndPath 76D76676 5 Bytes JMP 002A0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!StrokePath 76D768A9 5 Bytes JMP 002A07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!FillPath 76D76936 5 Bytes JMP 002A0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!PolylineTo 76D76DA4 5 Bytes JMP 002A04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!PolyBezierTo 76D76E35 5 Bytes JMP 002A04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] GDI32.dll!PolyDraw 76D76EE7 5 Bytes JMP 002A08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ole32.dll!OleSetClipboard 76F70045 5 Bytes JMP 002C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ole32.dll!OleIsCurrentClipboard 76F736B2 5 Bytes JMP 002C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5176] ole32.dll!OleGetClipboard 76F9FDCD 5 Bytes JMP 002C00B0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269de0901
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{506B9694-FC7F-46F3-A370-07ACBDD07792}@LeaseObtainedTime 1410549416
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{506B9694-FC7F-46F3-A370-07ACBDD07792}@T1 1410549446
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{506B9694-FC7F-46F3-A370-07ACBDD07792}@T2 1410549468
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{506B9694-FC7F-46F3-A370-07ACBDD07792}@LeaseTerminatesTime 1410549476
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269de0901 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{4E7D0D60-FC58-11E2-9B79-806E6F6E6963} 713628392
---- EOF - GMER 2.1 ----