| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Komische Probleme IIIWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.08.2013, 00:14
| #1 |
 |  Komische Probleme III Hallo Leute ... ich habe mal wieder ein Problem. Seit kurzem möche mein Firefox ständig einen Neustart wenn ich ihn öffnen möchte um Updates zu installieren. Die ersten male habe ich mir nichts dabei gedacht aber langsam nervt es. Außerdem befinden sich auf meiner Festplatte C einige Ordner doppelt, wie zum Beispiel "Programme" (der ist zweimal da und auf einen kann ich nicht zugreifen obwohl ich Admin bin) oder einmal in englischer Version "Documents and Setting" und einmal in deutscher "Dokumente und Einstellungen" (auch keine Zugriffsrechte, bei beiden, wie beim zweiten Programme Ordner). Dann gibt es noch einen vierten Ordner der den Zugriff verweigert, mit der Bezeichnung "$RECYCLE.BIN". Wenn ich als Admin keine Zugriffsrechte habe, wer dann? Ich habe avast!Free Antivirus immer laufen und auf dem neuesten Stand und mache hin und wieder mal einen Anti-Malware-Scann mit Malwarebytes ... war immer alles unauffällig und ohne Meldung. Hier die Logs der Scanns von heute: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.24.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Ismir Uebel :: ISMIRUEBEL-PC [Administrator] 26.08.2013 00:35:55 mbam-log-2013-08-26 (00-35-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 267943 Laufzeit: 2 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:47 on 26/08/2013 (Ismir Uebel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by Ismir Uebel (administrator) on 26-08-2013 00:48:07
Running from C:\Users\Ismir Uebel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
MountPoints2: {de962ca5-77b2-11e2-92be-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKU\täglicher Gebrauch\...\Policies\system: [LogonHoursAction] 2
HKU\täglicher Gebrauch\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-30] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation )
R3 trustms; C:\Windows\System32\drivers\trustms.sys [12416 2010-11-15] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:33 - 2013-08-26 00:34 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-25 14:40 - 2013-08-25 15:28 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:37 - 2013-08-26 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 14:48 - 2013-08-23 15:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 10:48 - 2013-08-22 11:42 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 11:15 - 2013-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-18 11:14 - 2013-08-18 11:15 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:47 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:47 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 08:43 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:43 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 08:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 08:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 08:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 08:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 08:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-09 20:06 - 2013-08-09 20:07 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:06 - 2013-08-06 17:22 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:04 - 2013-08-06 17:06 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:48 - 2013-08-06 14:56 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 09:38 - 2013-08-01 09:39 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:39 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-07-30 16:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-07-30 16:30 - 2013-08-18 12:59 - 00018681 _____ C:\Windows\DirectX.log
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:14 - 2013-07-31 19:04 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:14 - 2013-07-30 16:15 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:12 - 2013-08-18 12:00 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 16:12 - 2013-07-30 16:15 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:44 - 2013-07-29 11:48 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar
==================== One Month Modified Files and Folders =======
2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:47 - 2013-06-05 23:18 - 00000000 ____D C:\Users\Ismir Uebel
2013-08-26 00:44 - 2013-08-24 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 00:41 - 2013-02-27 22:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 00:37 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 00:37 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:34 - 2013-08-26 00:33 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-26 00:33 - 2013-06-05 23:16 - 01184744 _____ C:\Windows\WindowsUpdate.log
2013-08-26 00:31 - 2013-05-29 12:16 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-26 00:31 - 2013-05-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 00:29 - 2013-06-05 23:16 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-26 00:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 00:29 - 2009-07-14 06:51 - 01063534 _____ C:\Windows\setupact.log
2013-08-26 00:20 - 2013-04-18 06:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 00:19 - 2013-02-16 02:26 - 00058764 _____ C:\Windows\PFRO.log
2013-08-25 15:28 - 2013-08-25 14:40 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:22 - 2013-08-18 11:15 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-23 15:48 - 2013-08-23 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 12:31 - 2013-02-16 18:17 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Filme - intern
2013-08-22 11:42 - 2013-08-22 10:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-22 10:29 - 2013-06-06 09:36 - 00071944 _____ C:\Users\ISMIRU~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 13:06 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-21 13:06 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-21 13:06 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 12:17 - 2013-07-24 16:00 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\patches
2013-08-21 12:15 - 2013-04-01 12:55 - 00000000 ____D C:\Users\Ismir Uebel\.gimp-2.8
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-19 22:42 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 16:28 - 2009-07-14 06:45 - 00315552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 13:15 - 2013-02-15 23:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\VirtualStore
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:59 - 2013-07-30 16:30 - 00018681 _____ C:\Windows\DirectX.log
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 12:48 - 2013-07-10 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 12:00 - 2013-07-30 16:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-18 11:15 - 2013-08-18 11:14 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:15 - 2013-02-17 13:10 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\FileZilla
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:43 - 2013-07-22 11:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 09:42 - 2013-06-06 09:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:49 - 2013-02-16 03:54 - 00000000 ____D C:\World of Warcraft
2013-08-12 18:42 - 2013-04-29 06:19 - 00001949 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-12 18:42 - 2013-04-29 06:19 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-08-09 20:07 - 2013-08-09 20:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:22 - 2013-08-06 17:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:06 - 2013-08-06 17:04 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:57 - 2013-02-16 03:58 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Ismir
2013-08-06 14:56 - 2013-08-06 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 10:54 - 2013-02-16 03:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-01 10:51 - 2013-03-10 12:12 - 00011776 ___SH C:\Users\Ismir Uebel\Thumbs.db
2013-08-01 09:39 - 2013-08-01 09:38 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-31 19:04 - 2013-07-30 16:14 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:39 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:15 - 2013-07-30 16:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:15 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:48 - 2013-07-29 11:44 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar
Files to move or delete:
====================
C:\Users\ISMIRU~1\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStInst.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\oKTSypeZ.exe.part
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\InstallHelper.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEE85E.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEBC0D.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDE5253.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\LangDLL.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\nsis_chklist.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\isp3F16.tmp\_Setup.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 18:33
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-26 00:57:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD5000AAKS-00V1A0 rev.05.01D05 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ISMIRU~1\AppData\Local\Temp\kfdiauow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\services.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76]
.text ... * 2
.text C:\Program Files\Windows Sidebar\sidebar.exe[2476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\SysWOW64\schtasks.exe[2496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007738fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007738fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077390038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773ac4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773b1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000766c5181 5 bytes JMP 00000001001a1014
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000766c5254 5 bytes JMP 00000001001a0804
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000766c53d5 5 bytes JMP 00000001001a0a08
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000766c54c2 5 bytes JMP 00000001001a0c0c
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000766c55e2 5 bytes JMP 00000001001a0e10
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000766c567c 5 bytes JMP 00000001001a01f8
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000766c589f 5 bytes JMP 00000001001a03fc
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000766c5a22 5 bytes JMP 00000001001a0600
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 00000001001e075c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001001e03a4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 00000001001e0b14
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 00000001001e0ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 00000001001e163c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 00000001001e1284
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001001e19f4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000010044075c
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001004403a4
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 0000000100440b14
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 0000000100440ecc
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 000000010044163c
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 0000000100441284
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001004419f4
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3280] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000010039075c
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001003903a4
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 0000000100390b14
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 0000000100390ecc
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 000000010039163c
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 0000000100391284
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001003919f4
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000010036075c
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001003603a4
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 0000000100360b14
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 0000000100360ecc
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 000000010036163c
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 0000000100361284
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001003619f4
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14
.text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62]
.text C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2548:4660] 000007feee3f9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 4
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 177
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 1386102
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 4
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 177
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 1386102
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 3
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@BootCounter 33
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@TickCounter 260886
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ObjectName LocalSystem
---- EOF - GMER 2.1 ----
Vielen Dank schonmal ... ich bin echt froh, dass es euch gibt! Grüße aus Berlin |
|
26.08.2013, 07:35
| #2 |
| /// the machine /// TB-Ausbilder    | Komische Probleme III hi,
__________________Additional.txt von FRST fehlt noch 
__________________ |
|
26.08.2013, 09:04
| #3 |
| | Komische Probleme III Oh, Entschuldigung, hab ich wohl vergessen.
__________________Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013 Ran by Ismir Uebel at 2013-05-28 22:36:36 Run: Running from C:\Users\Ismir Uebel\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) avast! Free Antivirus (Version: 8.0.1489.0) CDBurnerXP (Version: 4.5.1.4003) DivX-Setup (Version: 2.6.1.32) FileHippo.com Update Checker FileZilla Client 3.7.0.1 (Version: 3.7.0.1) FLV Player 2.0 (build 25) (Version: 2.0 (build 25)) FormatFactory 3.0.1 (Version: 3.0.1) GIMP 2.8.4 (Version: 2.8.4) jAlbum (Version: 11.0.5) Java 7 Update 21 (64-bit) (Version: 7.0.210) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) MotoHelper 2.0.45 Driver 5.0.0 (Version: 2.0.45) MotoHelper MergeModules (Version: 1.2.0) Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0) Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1) Mozilla Maintenance Service (Version: 20.0.1) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07) NVIDIA 3D Vision Treiber 314.07 (Version: 314.07) NVIDIA Drivers (Version: 1.10.62.40) NVIDIA Grafiktreiber 314.07 (Version: 314.07) NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1) NVIDIA Install Application (Version: 2.1002.109.706) NVIDIA PhysX (Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407) NVIDIA Systemsteuerung 314.07 (Version: 314.07) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) OpenOffice.org 3.4.1 (Version: 3.41.9593) Panda USB Vaccine 1.0.1.4 Phase 5 HTML-Editor (Version: 5.6.2.3) Secunia PSI (3.0.0.4001) (Version: 3.0.0.4001) TeamSpeak 3 Client (Version: 3.0.10.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) WinRAR 4.20 (32-Bit) (Version: 4.20.0) World of Warcraft (Version: 5.2.0.16826) ==================== Restore Points ========================= 10-05-2013 16:15:29 Installed MSXML 4.0 SP3 Parser 12-05-2013 11:53:05 Windows Update 13-05-2013 18:39:28 Windows Update 15-05-2013 05:06:01 Windows Update 15-05-2013 21:47:48 Windows Update 21-05-2013 10:13:27 Windows Update 28-05-2013 20:00:52 Windows Update ==================== Faulty Device Manager Devices ============= Name: Coprozessor Description: Coprozessor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2013 06:44:36 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (05/10/2013 06:18:17 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Secunia PSI Agent wurde wegen dieses Fehlers geschlossen. Programm: Secunia PSI Agent Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (05/10/2013 06:18:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.4001, Zeitstempel: 0x50602ab1 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000096 Fehleroffset: 0x00048665 ID des fehlerhaften Prozesses: 0x4b4 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Error: (05/07/2013 07:29:37 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 658 Startzeit: 01ce4b44ab87d420 Endzeit: 5332 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 9fcf88e1-b73b-11e2-b455-002511c81c08 Error: (05/01/2013 11:24:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/01/2013 11:24:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/01/2013 11:24:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/01/2013 11:24:49 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/01/2013 11:24:49 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/01/2013 11:24:48 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (05/28/2013 09:58:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/28/2013 09:58:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/28/2013 09:38:55 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?28.?05.?2013 um 21:33:52 unerwartet heruntergefahren. Error: (05/28/2013 09:32:52 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?28.?05.?2013 um 21:29:34 unerwartet heruntergefahren. Error: (05/28/2013 08:49:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/28/2013 08:49:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/28/2013 08:47:40 PM) (Source: BugCheck) (User: ) Description: 0x00000101 (0x0000000000000061, 0x0000000000000000, 0xfffff880009ea180, 0x0000000000000001)C:\Windows\MEMORY.DMP052813-19344-01 Error: (05/28/2013 08:47:34 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?28.?05.?2013 um 20:41:10 unerwartet heruntergefahren. Error: (05/28/2013 02:55:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/28/2013 02:55:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (05/14/2013 06:44:36 AM) (Source: Application Error)(User: ) Description: firefox.exe20.0.1.484751650aeexul.dll20.0.1.484751650a09c0000005000b10e8133401ce505c09775580C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllfa29b8a0-bc50-11e2-a364-002511c81c08 Error: (05/10/2013 06:18:17 PM) (Source: Application Error)(User: ) Description: Secunia PSI Agent000000000 Error: (05/10/2013 06:18:17 PM) (Source: Application Error)(User: ) Description: PSIA.exe3.0.0.400150602ab1ole32.dll6.1.7601.175144ce7b96fc0000096000486654b401ce4d994aa6af80C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Windows\syswow64\ole32.dll38c18c80-b98d-11e2-9a3b-002511c81c08 Error: (05/07/2013 07:29:37 PM) (Source: Application Hang)(User: ) Description: Explorer.EXE6.1.7601.1756765801ce4b44ab87d4205332C:\Windows\Explorer.EXE9fcf88e1-b73b-11e2-b455-002511c81c08 Error: (05/01/2013 11:24:50 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (05/01/2013 11:24:50 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll Error: (05/01/2013 11:24:50 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\ACMWrapperDMO.dll Error: (05/01/2013 11:24:49 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (05/01/2013 11:24:49 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll Error: (05/01/2013 11:24:48 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\ACMWrapperDMO.dll Soll ich nochmal scannen? |
|
26.08.2013, 09:05
| #4 |
| /// the machine /// TB-Ausbilder | Komische Probleme III Ja, FRST öffnen, Haken setzen bei Additional und scannen, dann gibt es ne neue.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.08.2013, 09:18
| #5 |
| | Komische Probleme III so dann hier nochmal beide ganz frisch: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by Ismir Uebel (administrator) on 26-08-2013 10:14:24
Running from C:\Users\Ismir Uebel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
MountPoints2: {de962ca5-77b2-11e2-92be-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKU\täglicher Gebrauch\...\Policies\system: [LogonHoursAction] 2
HKU\täglicher Gebrauch\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-30] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation )
R3 trustms; C:\Windows\System32\drivers\trustms.sys [12416 2010-11-15] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:44 - 2013-08-26 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:33 - 2013-08-26 00:34 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-25 14:40 - 2013-08-25 15:28 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-23 14:48 - 2013-08-23 15:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 10:48 - 2013-08-22 11:42 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 11:15 - 2013-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-18 11:14 - 2013-08-18 11:15 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:47 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:47 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 08:43 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:43 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 08:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 08:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 08:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 08:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 08:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-09 20:06 - 2013-08-09 20:07 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:06 - 2013-08-06 17:22 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:04 - 2013-08-06 17:06 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:48 - 2013-08-06 14:56 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 09:38 - 2013-08-01 09:39 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:39 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-07-30 16:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-07-30 16:30 - 2013-08-18 12:59 - 00018681 _____ C:\Windows\DirectX.log
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:14 - 2013-07-31 19:04 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:14 - 2013-07-30 16:15 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:12 - 2013-08-18 12:00 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 16:12 - 2013-07-30 16:15 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:44 - 2013-07-29 11:48 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar
==================== One Month Modified Files and Folders =======
2013-08-26 09:48 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 09:48 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 09:42 - 2013-08-26 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 09:42 - 2013-06-05 23:16 - 01216841 _____ C:\Windows\WindowsUpdate.log
2013-08-26 09:42 - 2013-05-29 12:16 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-26 09:42 - 2013-05-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 09:41 - 2013-04-18 06:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 09:41 - 2013-02-27 22:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 09:40 - 2013-06-05 23:16 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-26 09:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 09:40 - 2009-07-14 06:51 - 01071394 _____ C:\Windows\setupact.log
2013-08-26 00:57 - 2013-08-26 00:57 - 00072114 _____ C:\Users\Ismir Uebel\Desktop\gmer scan.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:47 - 2013-06-05 23:18 - 00000000 ____D C:\Users\Ismir Uebel
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:34 - 2013-08-26 00:33 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-26 00:19 - 2013-02-16 02:26 - 00058764 _____ C:\Windows\PFRO.log
2013-08-25 15:28 - 2013-08-25 14:40 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:22 - 2013-08-18 11:15 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-23 15:48 - 2013-08-23 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 12:31 - 2013-02-16 18:17 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Filme - intern
2013-08-22 11:42 - 2013-08-22 10:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-22 10:29 - 2013-06-06 09:36 - 00071944 _____ C:\Users\ISMIRU~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 13:06 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-21 13:06 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-21 13:06 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 12:17 - 2013-07-24 16:00 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\patches
2013-08-21 12:15 - 2013-04-01 12:55 - 00000000 ____D C:\Users\Ismir Uebel\.gimp-2.8
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-19 22:42 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 16:28 - 2009-07-14 06:45 - 00315552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 13:15 - 2013-02-15 23:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\VirtualStore
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:59 - 2013-07-30 16:30 - 00018681 _____ C:\Windows\DirectX.log
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 12:48 - 2013-07-10 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 12:00 - 2013-07-30 16:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-18 11:15 - 2013-08-18 11:14 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:15 - 2013-02-17 13:10 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\FileZilla
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:43 - 2013-07-22 11:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 09:42 - 2013-06-06 09:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:49 - 2013-02-16 03:54 - 00000000 ____D C:\World of Warcraft
2013-08-12 18:42 - 2013-04-29 06:19 - 00001949 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-12 18:42 - 2013-04-29 06:19 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-08-09 20:07 - 2013-08-09 20:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:22 - 2013-08-06 17:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:06 - 2013-08-06 17:04 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:57 - 2013-02-16 03:58 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Ismir
2013-08-06 14:56 - 2013-08-06 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 10:54 - 2013-02-16 03:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-01 10:51 - 2013-03-10 12:12 - 00011776 ___SH C:\Users\Ismir Uebel\Thumbs.db
2013-08-01 09:39 - 2013-08-01 09:38 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-31 19:04 - 2013-07-30 16:14 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:39 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:15 - 2013-07-30 16:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:15 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:48 - 2013-07-29 11:44 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar
Files to move or delete:
====================
C:\Users\ISMIRU~1\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStInst.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\oKTSypeZ.exe.part
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\InstallHelper.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEE85E.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEBC0D.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDE5253.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\LangDLL.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\nsis_chklist.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\isp3F16.tmp\_Setup.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 18:33
==================== End Of Log ============================
und Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2013 02 Ran by Ismir Uebel at 2013-08-26 10:15:07 Running from C:\Users\Ismir Uebel\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) avast! Free Antivirus (x32 Version: 8.0.1489.0) Bing-Desktop (x32 Version: 1.3.171.0) CDBurnerXP (x32 Version: 4.5.2.4214) Command & Conquer Die ersten 10 Jahre (x32 Version: 1.00.0000) DivX-Setup (x32 Version: 2.6.1.32) FileZilla Client 3.7.3 (x32 Version: 3.7.3) FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25)) FormatFactory 3.0.1 (x32 Version: 3.0.1) jAlbum (x32 Version: 11.0.5) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MotoHelper 2.0.45 Driver 5.0.0 (x32 Version: 2.0.45) MotoHelper MergeModules (x32 Version: 1.2.0) Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0) Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0) Mozilla Maintenance Service (x32 Version: 23.0) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49) NVIDIA 3D Vision Treiber 320.49 (Version: 320.49) NVIDIA Drivers (Version: 1.10.62.40) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.124.810) NVIDIA PhysX (x32 Version: 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049) NVIDIA Systemsteuerung 320.49 (Version: 320.49) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) OpenOffice 4.0.0 (x32 Version: 4.00.9702) Origin (x32 Version: 9.3.1.4482) P 2.8.4 (Version: 2.8.4) Panda USB Vaccine 1.0.1.4 (x32) Phase 5 HTML-Editor (x32 Version: 5.6.2.3) PosteRazor (x32 Version: 1.5) Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011) SPORE™ (x32 Version: 1.05.0001) TeamSpeak 3 Client (Version: 3.0.10.1) TP-LINK 300Mbps Wireless USB Adapter Treiber (x32 Version: 1.3.1) TP-LINK-Konfigurationstool (x32 Version: 1.3.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Winamp (x32 Version: 5.64 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0) World of Warcraft (x32 Version: 5.3.0.17128) ==================== Restore Points ========================= 15-08-2013 07:41:31 Windows Update 18-08-2013 10:48:31 Installiert Command & Conquer Die ersten 10 Jahre 19-08-2013 08:00:47 Windows-Sicherung 20-08-2013 06:01:09 Windows Update 26-08-2013 07:50:59 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0BBE5BCD-2836-4487-A909-E1F560891DEC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {3C3A1CDA-0950-4EDC-BE8F-63A4A26A4C85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated) Task: {51483FA3-3041-4CD2-9699-497DDB1C66B4} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {59C932E9-D492-4049-A3D8-EB55827CFD1C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {61FB653C-478F-4BAB-8622-05407E373B47} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {7A3F5438-0429-4A2A-9DA9-31E58C6A6D25} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {8A907C1F-F026-4ABE-AAF6-CB2348136987} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {98AA0F46-07C4-4493-ACE8-C446B7991C30} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {A96F0D0C-1789-49F4-AFB3-CF811BB7605C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {C0D7F1BC-1DFE-44C5-B1E9-A5416FF199CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {C78ED25B-2E98-48C5-BF6F-E18C42A4A65C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {CAF4A85B-ED87-4E03-B751-76592CF4F384} - \SidebarExecute No Task File Task: {D6A437D8-D612-4735-A0BC-4831F9101D5C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: Coprozessor Description: Coprozessor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/26/2013 09:42:02 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.7011, Zeitstempel: 0x51d3d69b Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004866a ID des fehlerhaften Prozesses: 0x8e0 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Error: (08/26/2013 01:04:28 AM) (Source: Application Hang) (User: ) Description: Programm updater.exe, Version 23.0.0.4959 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c84 Startzeit: 01cea1e6c3d0c480 Endzeit: 0 Anwendungspfad: C:\Users\ISMIRU~1\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe Berichts-ID: Error: (08/22/2013 11:47:24 AM) (Source: Application Hang) (User: ) Description: Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 94c Startzeit: 01ce9f0d5a8eb440 Endzeit: 2 Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe Berichts-ID: Error: (07/15/2013 10:13:19 AM) (Source: Application Hang) (User: ) Description: Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a80 Startzeit: 01ce812e39d9aa40 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe Berichts-ID: 67028231-ed26-11e2-895e-002511c81c08 Error: (06/09/2013 07:22:19 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/09/2013 07:22:12 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . System errors: ============= Error: (08/26/2013 09:43:08 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/26/2013 09:43:08 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/26/2013 09:42:04 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/26/2013 09:40:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (08/26/2013 01:01:13 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/26/2013 01:01:13 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/26/2013 00:58:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (08/26/2013 00:31:46 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/26/2013 00:31:46 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/26/2013 00:29:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Microsoft Office Sessions: ========================= Error: (08/26/2013 09:42:02 AM) (Source: Application Error)(User: ) Description: PSIA.exe3.0.0.701151d3d69bole32.dll6.1.7601.175144ce7b96fc00000050004866a8e001cea22f9857ca80C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Windows\syswow64\ole32.dllfe7fad00-0e22-11e3-9d6e-002511c81c08 Error: (08/26/2013 01:04:28 AM) (Source: Application Hang)(User: ) Description: updater.exe23.0.0.4959c8401cea1e6c3d0c4800C:\Users\ISMIRU~1\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe Error: (08/22/2013 11:47:24 AM) (Source: Application Hang)(User: ) Description: USBVaccine.exe1.0.1.494c01ce9f0d5a8eb4402C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe Error: (07/15/2013 10:13:19 AM) (Source: Application Hang)(User: ) Description: USBVaccine.exe1.0.1.4a8001ce812e39d9aa403C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe67028231-ed26-11e2-895e-002511c81c08 Error: (06/09/2013 07:22:19 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/09/2013 07:22:12 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (06/08/2013 11:00:21 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 8191.24 MB Available physical RAM: 6721.33 MB Total Pagefile: 16380.67 MB Available Pagefile: 14926.16 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:374.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DE10J) (CDROM) (Total:7.01 GB) (Free:0 GB) UDF Drive f: (VERBATIM) (Fixed) (Total:232.83 GB) (Free:88.45 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0DFADDDB) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 06B9DB8A) Partition 1: (Not Active) - (Size=233 GB) - (Type=0C) ==================== End Of Log ============================ |
|
26.08.2013, 11:47
| #6 |
| /// the machine /// TB-Ausbilder | Komische Probleme III Zeig mal bitte nen Screenshot von den Ordnern. Bei Firefox will er immer von Version 23 auf 23.1 updaten oder wie?
__________________ --> Komische Probleme III |
|
27.08.2013, 07:05
| #7 |
| | Komische Probleme III Er möchte halt immer wieder, dass ich den PC neu starte um updates zu installieren, was genau weiß ich jetzt auch nicht, ist auch nicht bei jedem Neustart von Firfox. Ich mache davon dann nächste mal auch nen Screenshot. Und hier der Screenshot von den Ordnern:  und das kommt, wenn ich einen "verschlossenen" Ordner öffnen möchte:  Hier nochmal ergänzend, was eventuell hilfreiches, zum Firefox-Problem. Secunia PSI will da auch ständig updaten, aber der Vorgang kommt nicht zum Ende und beginnt immer wieder neu ...  |
|
27.08.2013, 11:00
| #8 | |
| /// the machine /// TB-Ausbilder | Komische Probleme IIIZitat:
Screenshot sehe ich keinen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.08.2013, 08:05
| #9 |
| | Komische Probleme III Ich soll den PC neu starten. Bei Secunia steht er will von 20.0.1. auf 23.x updaten aber wenn ich über Firefox selbst versuche zu updaten, sagt er, dass alles aktuell ist. Ich habe die drei Screenshots (.png Format) mal als Dateianhang hinzugefügt. Hoffe du kannst sie dann sehen, bei mir werden sie auch im Forum angezeigt. |
|
28.08.2013, 09:39
| #10 |
| /// the machine /// TB-Ausbilder | Komische Probleme III Dann spinnt Secunia, ignorier das. Oder startet Firefox von sich aus ein Update? Du lässt versteckte Dateien und Ordner anzeigen, daher siehst Du Recycler und Co. Einzig der Programme-Ordner ist komisch. Kannst Du mit Rechtsklick die Rechte übernehmen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.08.2013, 11:40
| #11 |
| | Komische Probleme III Firefox hat ebend wieder geupdatet aber dann angezeigt, in nem extra Tab, dass er aktull ist. Und ich kann da nix ändern an dem Programme Ordner. Egal ob ich auf SYSTEM, Mich als Nutzer oder Admin umstelle, es ändert sich nix und ich kann den Ordner nicht öffnen, gleiches bei den beiden anderen verschlossenen. |
|
28.08.2013, 16:43
| #12 |
| /// the machine /// TB-Ausbilder | Komische Probleme III Downloade dir bitte Windows Repair (All In One) von hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.08.2013, 21:13
| #13 |
| | Komische Probleme III So, erledigt ... jetzt sind sie nicht mehr verschlossen sondern Verknüpfungen. Hier nochmal nen Screenshot (auch als Anhang)  |
|
29.08.2013, 08:06
| #14 |
| /// the machine /// TB-Ausbilder | Komische Probleme III und wohin zeigen die Verknüpfungen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.08.2013, 08:19
| #15 |
| | Komische Probleme III Die Verknüpfung von Programme führt zu Programme. Im Programme Ordner ist wieder ein verschlossener Ordner Namens "Gemeinsame Dateien" Die Verknüpfung Dokumente und Einstellungen führt zu Dokumente und Einstellungen (Wobei dieser Ordner auf der Festplatte C (laut Pfad) liegen soll, dort aber nicht angezeigt wird). Im Ordner Dokumente und Einstellungen ist ein Ordner mit solch einem Schloss, ich kann ihn aber öffnen, Namens: "All Users". Und der Ordner Documents and Settings zeigt zwar kein Schloss mehr an aber ich kann ihn trotzdem nicht öffnen bzw. die Verknüpfung führt nirgendwo hin. (Kann nicht zugegriffen werden) |
|
| Themen zu Komische Probleme III |
| adobe, antivirus, avast, browser, einstellungen, explorer, farbar, farbar recovery scan tool, festplatte, firefox, flash player, ftp, home, installation, langsam, mozilla, origin, panda usb vaccine, plug-in, realtek, registry, secunia psi, security, services.exe, software, svchost.exe, taskhost.exe, temp, updates, usb, vista, zugriff verweigert |
Linear-Darstellung
