Log analysis and evaluation: Avast blocks file (windows\system32\svchost.exe)
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
14.07.2013, 22:02 | #16 |
| I ran two scans. The first one found 17. After that, a bluescreen was shown on restart. I then ran a second scan (see data), and it found none. Since the restart I no longer get any messages from Avast. |
14.07.2013, 22:07 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Where is the log with the detections?!
__________________ |
14.07.2013, 22:11 | #18 |
| In the mbar folder there is only the one log file that meets the requirements.
__________________ |
14.07.2013, 22:22 | #19 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | The instructions do say where the log can be found. Quote:
__________________ Please always post log files in CODE tags |
16.07.2013, 18:29 | #20 |
| I can't upload what I don't have. The program only created the one file that I posted. What should I do now? |
17.07.2013, 00:13 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sorry, but that is nonsense. Malwarebytes always creates a new log in this folder. Please look properly. You would be the first person for whom MBAR killed the log.
__________________ |
17.07.2013, 15:18 | #22 |
| I don't want to step on your toes, and I am grateful that you are helping me, but please tell me where this file is supposed to be? This is the folder in question, and the marked file has already been posted here in the forum. There is a first time for everything. How should I know what went wrong there?!?!?!?! I read the instructions and proceeded as described. Could it possibly have something to do with the bluescreen that occurred? |
17.07.2013, 15:29 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sorry, but the log has never been deleted automatically. Presumably you deleted it yourself by accident. Do you still remember roughly what was found? Did you perhaps delete the MBAR folder after the first scan and then unpack the MBAR archive again? I can hardly explain it any other way.
__________________ Please always post log files in CODE tags |
17.07.2013, 15:40 | #24 |
| Sorry, I admittedly have no idea about these programs that are used here, nor about viruses and the rest of that stuff. But I can still operate my computer, at least as far as all of this is concerned. I worked strictly according to the instructions and did not delete or reinstall anything here, or do anything else that I was not told to do. Apart from the bluescreen after the first scan and restart, everything went as announced. |
17.07.2013, 15:43 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | All right... then make a fresh log with GMER and FRST. Please download GMER: (file name random)
Are problems occurring?
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
17.07.2013, 16:23 | #26 |
| GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-17 17:15:33 Windows 6.2.9200 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9120E76E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x820F980E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9120CC42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x820FACF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9120E8EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x820F9556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x820FB1C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x820FB066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x820F945C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x820F94CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x820F92F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x820FAD16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x820F97A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x820F9742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x820FC22A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x821008B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x820FB506] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x820FB7F8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9120E822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x821060DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x820FE26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x82105EF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x82106036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x820FDE78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x82105EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x82106122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x82105F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x82105F42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x820FB92C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x820FE98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x820F96DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9120CC12] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9120E6C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x820FE596] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x820F9676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x820FAE9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x821060B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x820FA800] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x820FA5E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x82105ECE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9120E992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x82105E86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x821060FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x82105F64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x82105F18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x820FA0E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x820FC256] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9120E5FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x820F9610] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91227E00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwCallbackReturn + 16C 816FD4BC 12 Bytes [56, 95, 0F, 82, C8, B1, 0F, ...] .text ntoskrnl.exe!ZwCallbackReturn + 3E4 816FD734 4 Bytes [22, E8, 20, 91] .text ntoskrnl.exe!ZwCallbackReturn + 604 816FD954 12 Bytes [B8, 60, 10, 82, 00, A8, 0F, ...] .text ntoskrnl.exe!ZwReplacePartitionUnit + 2673 81773135 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 66A 81777A1A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction + 580 8185AA07 5 Bytes JMP 912267CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8194762E 5 Bytes JMP 91224C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 819DC0ED 7 Bytes JMP 91227E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .edata C:\WINDOWS\System32\DRIVERS\netbt.sys unknown last section [0x821CE000, 0x3B6B, 0xC8000040] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[428] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\wininit.exe[520] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\services.exe[604] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[620] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[636] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 010703FC .text C:\WINDOWS\system32\ctfmon.exe[636] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 010701F8 .text C:\WINDOWS\system32\ctfmon.exe[636] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 01090A08 .text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 01090804 .text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 010903FC .text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 010901F8 .text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 01090600 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[800] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[832] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\PDF Architect\HelperService.exe[876] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[912] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1024] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte 
[62] .text C:\WINDOWS\system32\taskhostex.exe[1036] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 010303FC .text C:\WINDOWS\system32\taskhostex.exe[1036] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 010301F8 .text C:\WINDOWS\system32\taskhostex.exe[1036] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 011E0A08 .text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 011E0804 .text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 011E03FC .text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 011E01F8 .text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 011E0600 .text C:\WINDOWS\system32\svchost.exe[1084] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\System32\WinLogon.exe[1156] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 004803FC .text C:\WINDOWS\System32\WinLogon.exe[1156] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 004801F8 .text C:\WINDOWS\System32\WinLogon.exe[1156] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 004A0A08 .text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 004A0804 .text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 004A03FC .text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 004A01F8 .text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 004A0600 .text C:\WINDOWS\system32\svchost.exe[1400] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[1472] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text 
C:\Users\***\Desktop\gmer_2.1.19163.exe[1516] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00CC03FC .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00CC01F8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00CE0A08 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00CE0804 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00CE03FC .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00CE01F8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00CE0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1712] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00210A08 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00210804 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002103FC .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!SetWinEventHook 76F6938E 
5 Bytes JMP 002101F8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00210600 .text C:\WINDOWS\System32\spoolsv.exe[1844] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1884] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00330A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00330804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 003303FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 003301F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\wwahost.exe[2476] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 009903FC .text C:\WINDOWS\system32\wwahost.exe[2476] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 009901F8 .text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00A50A08 .text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00A50804 .text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00A503FC .text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00A501F8 .text C:\WINDOWS\system32\wwahost.exe[2476] 
USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00A50600 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00220600 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 005C03FC .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 005C01F8 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 005E0A08 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 005E0804 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!UnhookWinEvent 76F5FE7F 
5 Bytes JMP 005E03FC .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 005E01F8 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 005E0600 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001803FC .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001801F8 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 001A0A08 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 001A0804 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 001A03FC .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 001A01F8 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 001A0600 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 004203FC .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 004201F8 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00440A08 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00440804 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] 
USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 004403FC .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 004401F8 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00440600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00220A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00220804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002203FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002201F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00220600 .text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 008403FC .text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 008401F8 .text C:\WINDOWS\system32\svchost.exe[3236] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00860A08 .text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00860804 .text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 008603FC .text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 008601F8 .text C:\WINDOWS\system32\svchost.exe[3236] 
user32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00860600 .text C:\WINDOWS\System32\dwm.exe[3344] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 008203FC .text C:\WINDOWS\System32\dwm.exe[3344] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 008201F8 .text C:\WINDOWS\System32\dwm.exe[3344] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00940A08 .text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00940804 .text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 009403FC .text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 009401F8 .text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00940600 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 015403FC .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 015401F8 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 01570A08 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 01570804 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 015703FC .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 015701F8 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 01570600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] 
ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 011603FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 011601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 011B0A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 011B0804 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 011B03FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 011B01F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 011B0600 .text C:\WINDOWS\system32\SearchIndexer.exe[4036] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00A103FC .text C:\WINDOWS\system32\SearchIndexer.exe[4036] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00A101F8 .text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00B40A08 .text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00B40804 .text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00B403FC .text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00B401F8 .text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00B40600 .text C:\WINDOWS\Explorer.EXE[4664] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00A603FC .text C:\WINDOWS\Explorer.EXE[4664] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00A601F8 .text C:\WINDOWS\Explorer.EXE[4664] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00A90A08 .text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 
00A90804
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00A903FC
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00A901F8
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00A90600
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 010303FC
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 010301F8
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 011E0A08
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 011E0804
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 011E03FC
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 011E01F8
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 011E0600
.text C:\Windows\System32\RuntimeBroker.exe[4956] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 008403FC
.text C:\Windows\System32\RuntimeBroker.exe[4956] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 008401F8
.text C:\Windows\System32\RuntimeBroker.exe[4956] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00860A08
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00860804
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 008603FC
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 008601F8
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00860600
.text C:\WINDOWS\system32\nvvsvc.exe[5080] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00C603FC
.text C:\WINDOWS\system32\nvvsvc.exe[5080] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00C601F8
.text C:\WINDOWS\system32\nvvsvc.exe[5080] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00C80A08
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00C80804
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00C803FC
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00C801F8
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00C80600
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 006E03FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 006E01F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 007A0A08
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 007A0804
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 007A03FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 007A01F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 007A0600
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001503FC
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001501F8
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00160A08
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00160804
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 001603FC
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 001601F8
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00160600
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 007A03FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 007A01F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 007C0A08
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 007C0804
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 007C03FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 007C01F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 007C0600
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001803FC
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 001A0A08
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 001A0804
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 001A03FC
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 001A01F8
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 001A0600
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00220A08
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00220804
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002203FC
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002201F8
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00220600
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00320A08
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00320804
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 003203FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 003201F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00320600

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1949246788
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@UpdatesAvailableForDownloadLogon 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\7971f918-a847-4430-9279-4a52d1efe18d
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\7971f918-a847-4430-9279-4a52d1efe18d@CurrentCacheFile C:\WINDOWS\SoftwareDistribution\EventCache.v2\{D4703C43-E18A-44BE-99AB-AD968635E6AF}.bin
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\7971f918-a847-4430-9279-4a52d1efe18d@FlushCacheFiles
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E2BC2B90-0F7E-11DE-A5D3-806E6F6E6963} 8445049232
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E2BC2B91-0F7E-11DE-A5D3-806E6F6E6963} 87172712

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by *** (administrator) on 17-07-2013 17:20:07
Running from C:\Users\***\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(SRS Labs, Inc.) C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
(Microsoft Corporation) C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Skillbrains) C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe

==================== Registry (Whitelisted) ==================

Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT 548768 2012-06-25] (SRS Labs, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [LightShot] - C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-05-27] ()
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [SRSHDAudioLab] - C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe [5446056 2012-06-25] ()
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1597864 2013-02-14] (Valve Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-03] (Microsoft Corporation)
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 23 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 24 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 25 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 26 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 27 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 28 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 29 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 30 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 31 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 32 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 33 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 34 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 35 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 36 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 37 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 38 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 39 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 40 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\90vhslw0.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880 2012-09-11] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SRSHDAudioService; C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [13232 2012-06-25] (SRS Labs, Inc.)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\drivers\ATKACPI.sys [14392 2009-05-13] (ASUS)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [254464 2012-07-26] ()
R3 SRS_AE_Service; C:\Windows\system32\drivers\SRS_AE_i386.sys [407368 2012-06-21] ()
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHDA.sys [x]
U3 uwldapow; \??\C:\Users\***\AppData\Local\Temp\uwldapow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-17 17:19 - 2013-07-17 17:19 - 01218860 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-17 17:15 - 2013-07-17 17:15 - 00060243 _____ C:\Users\***\Desktop\gmer.log
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Local\Skillbrains
2013-07-17 16:07 - 2013-07-17 16:07 - 02586280 _____ (Skillbrains ) C:\Users\***\Downloads\setup-lightshot.exe
2013-07-17 16:04 - 2013-07-17 16:04 - 00605800 _____ C:\Users\***\Downloads\lightshot-ie-1-3-0-15.exe
2013-07-17 15:54 - 2013-07-17 15:54 - 00393040 _____ (Softonic ) C:\Users\***\Downloads\SoftonicDownloader_fuer_lightshot.exe
2013-07-14 22:16 - 2013-07-14 22:16 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-14 21:51 - 2013-07-14 21:51 - 00164480 _____ C:\WINDOWS\Minidump\071413-36223-01.dmp
2013-07-14 21:20 - 2013-07-14 22:14 - 00000000 ____D C:\Users\***\Desktop\mbar
2013-07-14 20:58 - 2013-07-14 20:59 - 00020884 _____ C:\Users\***\Desktop\Addition.txt
2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe
2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-14 14:43 - 2013-07-14 14:45 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software ) C:\Users\***\Downloads\setup.exe
2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de
2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games
2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe
2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache
2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe
2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe
2013-07-12 09:48 - 2013-07-12 09:49 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-12 09:48 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2013-07-12 09:48 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCT2.OCX
2013-07-12 09:48 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMAPI32.OCX
2013-07-12 09:48 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPIDE.DLL
2013-07-12 09:48 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6DE.DLL
2013-07-12 09:48 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCMCDE.DLL
2013-07-12 09:48 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCC2DE.DLL
2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-11 16:18 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-11 16:18 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-11 16:18 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-11 16:18 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-11 16:17 - 2013-05-31 01:09 - 03389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-11 16:17 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-11 16:17 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd. ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe
2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk
2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum

==================== One Month Modified Files and Folders =======

2013-07-17 17:19 - 2013-07-17 17:19 - 01218860 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-17 17:19 - 2012-12-09 12:43 - 00000000 ___RD C:\Users\***\Desktop
2013-07-17 17:15 - 2013-07-17 17:15 - 00060243 _____ C:\Users\***\Desktop\gmer.log
2013-07-17 17:10 - 2012-12-09 12:51 - 01350557 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-17 17:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-17 16:44 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-sys.job
2013-07-17 16:28 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
2013-07-17 16:21 - 2012-12-26 15:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Local\Skillbrains
2013-07-17 16:08 - 2012-12-11 18:52 - 00000443 _____ C:\Users\***\AppData\Local\UserProducts.xml
2013-07-17 16:07 - 2013-07-17 16:07 - 02586280 _____ (Skillbrains ) C:\Users\***\Downloads\setup-lightshot.exe
2013-07-17 16:04 - 2013-07-17 16:04 - 00605800 _____ C:\Users\***\Downloads\lightshot-ie-1-3-0-15.exe
2013-07-17 15:54 - 2013-07-17 15:54 - 00393040 _____ (Softonic ) C:\Users\***\Downloads\SoftonicDownloader_fuer_lightshot.exe
2013-07-17 15:45 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-17 15:36 - 2013-02-06 15:51 - 00000000 ___RD C:\Users\***\SkyDrive
2013-07-16 21:05 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-16 21:04 - 2012-12-27 13:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-14 23:17 - 2012-12-09 12:43 - 00000000 ____D C:\Users\***
2013-07-14 22:16 - 2013-07-14 22:16 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-14 22:14 - 2013-07-14 21:20 - 00000000 ____D C:\Users\***\Desktop\mbar
2013-07-14 21:51 - 2013-07-14 21:51 - 00164480 _____ C:\WINDOWS\Minidump\071413-36223-01.dmp
2013-07-14 21:51 - 2012-12-19 15:57 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-14 21:51 - 2012-12-19 15:56 - 548319931 _____ C:\WINDOWS\MEMORY.DMP
2013-07-14 21:51 - 2012-12-09 12:37 - 00026908 _____ C:\WINDOWS\PFRO.log
2013-07-14 21:50 - 2012-07-26 08:53 - 00000000 _SHDC C:\WINDOWS\$NtUninstallKB10095$
2013-07-14 21:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Help
2013-07-14 20:59 - 2013-07-14 20:58 - 00020884 _____ C:\Users\***\Desktop\Addition.txt
2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe
2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-14 14:45 - 2013-07-14 14:43 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe
2013-07-14 14:07 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software ) C:\Users\***\Downloads\setup.exe
2013-07-14 13:43 - 2012-07-26 06:17 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de
2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games
2013-07-14 12:24 - 2012-12-19 14:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe
2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache
2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe
2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe
2013-07-14 08:59 - 2012-12-28 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 18:51 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 17:27 - 2012-12-11 18:31 - 00000000 ____D C:\Users\***\AppData\Roaming\MediaMonkey
2013-07-12 16:28 - 2012-12-09 12:52 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-12 16:15 - 2013-01-18 12:11 - 00000000 ____D C:\Users\***\.gimp-2.8
2013-07-12 09:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-07-12 09:49 - 2013-07-12 09:48 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-11 17:02 - 2012-12-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 16:57 - 2012-12-13 17:42 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-11 16:08 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
2013-07-11 10:22 - 2012-12-12 18:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-10 11:14 - 2013-05-20 12:12 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-10 11:12 - 2012-12-11 18:55 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft
2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd. 
) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java 2013-07-06 08:52 - 2012-12-21 15:46 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2013-07-06 08:52 - 2012-12-21 15:46 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe 2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. 
Hedermann).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk 2013-07-04 18:08 - 2012-12-11 19:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 09:57 - 2013-02-06 15:51 - 00002251 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2013-07-01 17:04 - 2012-07-26 08:03 - 00080005 _____ C:\WINDOWS\setupact.log 2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-28 11:19 - 2013-03-19 19:39 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-06-28 11:19 - 2012-12-09 13:39 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-06-28 11:19 - 2012-12-09 13:39 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-06-28 00:04 - 2013-04-14 13:34 - 00693112 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-04-14 13:34 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 10:35 ==================== End Of Log ============================ ADDITION: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013 Ran by *** at 2013-07-14 20:58:00 Running from C:\Users\***\Desktop Boot Mode: Normal ========================================================== Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0) Adobe Bridge 1.0 (Version: 001.000.001) Adobe Common File Installer (Version: 1.00.001) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Help Center 1.0 (Version: 1.0.1) Adobe Photoshop CS2 (Version: 9.0) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Adobe Stock Photos 1.0 (Version: 1.0.1) ATK Package (Version: 1.0.0023) avast! Free Antivirus (Version: 8.0.1489.0) Catan - Städte und Ritter (Version: 1.229) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition EPSON BX305 Plus Series Printer Uninstall Epson Easy Photo Print 2 (Version: 2.3.2.0) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000) EPSON Scan Free YouTube to MP3 Converter version 3.12.5.628 (Version: 3.12.5.628) GIMP 2.8.4 (Version: 2.8.4) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) lightshot-4.3.0.0 (Version: 4.3.0.0) MediaMonkey 4.0 (Version: 4.0) Microsoft Expression Design 4 (Version: 8.0.31217.1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) 
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 17.0.2011.0627) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) Netzwerkhandbuch EPSON BX305 Plus Series NVIDIA 3D Vision Treiber 310.90 (Version: 310.90) NVIDIA Grafiktreiber 310.90 (Version: 310.90) NVIDIA Install Application (Version: 2.1002.95.599) NVIDIA PhysX (Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090) NVIDIA Systemsteuerung 310.90 (Version: 310.90) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) Origin (Version: 9.1.3.2637) PDF Architect (Version: 1.0.52.8917) PDFCreator (Version: 1.7.0) SRS Audio Essentials (Version: 1.02.0312) Steam (Version: 1.0.0.0) Synaptics Pointing Device Driver (Version: 16.2.21.0) System Power Shortcuts (Version: 1.1.1029) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 
(KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition WinRAR 4.20 (32-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 23-06-2013 13:01:54 Geplanter Prüfpunkt 03-07-2013 08:10:25 Geplanter Prüfpunkt 06-07-2013 06:51:08 Installed Java 7 Update 25 11-07-2013 14:52:48 Windows Update ==================== Hosts content: ========================== 2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe 
[2012-07-26] (Microsoft Corporation) Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {30AFB382-B450-4F01-B005-A373C9538063} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation) Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {3E787B0D-8405-40CD-BC79-5BF41DAB734D} - System32\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] () Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {4875C8FF-DF2A-4DBF-B93B-C18E351949B5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {5986D1E8-C632-477C-8096-ECEBBDF07468} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] () Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {5CB273A4-513A-4D26-9064-1880BFE98AD1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {6BB2238B-0B60-43CB-9FD7-30FC5D5758BA} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File Task: {6CEE63A4-32D4-473A-9615-35287493A8D0} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171136491-575053196-1707953686-1000 Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: 
{8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: {AAEB0B67-69E8-4F99-922A-28CB70F79E35} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {C25EB31A-6966-4BF5-BAAB-9107993D54BD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - 
System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {E6EF7532-3F7A-443F-8769-AED6CC439EC5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {FB96BBB5-A5AD-4886-B14B-183EA8E08AD0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: ) Description: ALoggerFileCyclic: Failed to release mutex. 
Last error code: 288 Type: ERROR Location: ::(0) : error 0: Computer: Id: 0, Name:Null Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: ) Description: ALoggerFileCyclic: Failed to release mutex. Last error code: 288 Type: ERROR Location: ::(0) : error 0: Computer: Id: 0, Name:Null Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container) (User: ) Description: ALoggerFileCyclic: Failed to delete an old log file Last error code: 32 Type: ERROR Location: ::(0) : error 0: Computer: Id: 0, Name:Null Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LABTOP) Description: Die App „microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. 
Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 System errors: ============= Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405 Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405 Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405 Error: 
(07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405 Error: (07/14/2013 08:35:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Microsoft Office Sessions: ========================= Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: ) Description: ALoggerFileCyclic: Failed to release mutex. Last error code: 288 Type: ERROR Location: ::(0) : error 0: Computer: Id: 0, Name:Null Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: ) Description: ALoggerFileCyclic: Failed to release mutex. 
Last error code: 288 Type: ERROR Location: ::(0) : error 0: Computer: Id: 0, Name:Null Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container)(User: ) Description: ALoggerFileCyclic: Failed to delete an old log file Last error code: 32 Type: ERROR Location: ::(0) : error 0: Computer: Id: 0, Name:Null Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager)(User: ) Description: 0x8898008d Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager)(User: ) Description: 0x8898008d Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LABTOP) Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 ==================== Memory info =========================== Percentage of memory in use: 74% Total physical RAM: 3071.33 MB Available physical RAM: 786.73 MB Total Pagefile: 6143.33 MB Available Pagefile: 3486.61 MB Total Virtual: 2047.88 MB Available Virtual: 1839.45 MB ==================== Drives ================================ Drive c: (Windows 8) (Fixed) (Total:116.44 GB) (Free:67.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (***) (Fixed) (Total:104.73 GB) (Free:54.45 GB) NTFS Drive e: () (Fixed) (Total:116.44 GB) (Free:69.39 GB) NTFS Drive g: () (Fixed) (Total:116.44 GB) (Free:116.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: BBC58B91) Partition 1: (Not Active) - (Size=116 GB) - (Type=07 NTFS) 
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 97646C29) Partition 1: (Not Active) - (Size=12 GB) - (Type=1C) Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=105 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
18.07.2013, 00:56 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe) I want to be sure. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to your desktop
__________________ Please always post log files in CODE tags |
18.07.2013, 18:01 | #28 |
| Avast blocks file (windows\system32\svchost.exe) I don't know what is causing it, but the functionality of my computer is breaking down bit by bit. Various apps no longer work, and my internet connection to the router drops more and more often. Since nothing here is the way I am used to any more, and before anything else happens, I have decided to set the computer up from scratch, because I also urgently need it for work and cannot get anywhere like this. In the meantime I have distributed my data across various clouds and stored it there temporarily. What must/can I do to get the computer completely clean again, apart from the normal standard procedure? I have backed up the data I wanted to save from my computer (burned to DVDs) and scanned the files with Avast and Malwarebytes before burning. Files that were infected I did not copy in the first place. What is the best way to proceed now? Can you help me with setting up my computer? I know in principle how it is done, but in this case I would be veeeeeeeeeeeeery grateful for support. It should actually achieve something, after all |
18.07.2013, 20:38 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe) Hm, if you absolutely want to redo everything, then read the article on reinstalling Windows. Also consult the manual for your computer
__________________ Please always post log files in CODE tags |
18.07.2013, 20:57 | #30 |
| Avast blocks file (windows\system32\svchost.exe) I have read through the guide on reinstallation. How does it work with Windows 8? I once had Vista on the computer and will install it following the guide. After that, do I simply install Windows 8 over it, or is there something else I need to watch out for? |