Log analysis and evaluation: Win 7: Redirect to a website for updating Flash Player during a Facebook game, and unwanted advertising

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
#1

Win 7: Redirect to a website for updating Flash Player during a Facebook game, and unwanted advertising

Hello,

for a few days now strange advertising has crept onto my PC, no matter which website I go to. It started when, during a game on Facebook (Pioneer Trail), I was suddenly redirected to a website that told me I should update my Flash Player. I did not install anything from that page but closed it right away. I also know that my player is up to date. But I keep getting redirected to this page, by now even when I am not playing and am just browsing the Internet. I am afraid I have caught a virus or something like that, but my AntiVir finds nothing and says everything is clean. I also ran CCleaner in between, but that did not help much either.

Thanks in advance!

Defogger.txt

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:41 on 11/03/2014 (Jessy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014 Ran by Jessy (administrator) on JESSY-PC on 11-03-2014 09:43:11 Running from C:\Users\Jessy\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Koyote-Lab Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (Koyote-Lab Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Koyote-Lab Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Siliten) C:\Program Files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe (LG Electronics) C:\Users\Jessy\Bluebirds\BlueBirds.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe () C:\Program Files\NETGEAR\WG111v3\WG111v3.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [17154048 2009-03-31] (VIA) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Launch SilverCrest OMC807] - C:\Program Files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe [860672 2010-08-30] (Siliten) HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-06-07] (SweetIM Technologies Ltd.) 
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [] - [X] HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-22] (Ask) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [GAINWARD] - C:\Program Files\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.) HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [bluebirds] - C:\Users\Jessy\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics) HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.) 
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [EPSON Stylus Photo R265 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\MountPoints2: {4616de17-6be1-11e0-9a90-806e6f6e6963} - F:\BlueBirds.exe HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\MountPoints2: {e5c71457-3e62-11de-8519-806e6f6e6963} - G:\BlueBirds.exe AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] () AppInit_DLLs: C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll => C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll [19976 2014-02-05] () IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe 
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [486408 2014-02-05] () <===== ATTENTION HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10649A&gct=hp&d=414-0&v=u11465-263&t=4 URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) URLSearchHook: HKCU - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=414&v=u11465-263&apn_uid=2782881527914174&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=414&v=u11465-263&apn_uid=2782881527914174&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms} SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} SearchScopes: HKCU - {5A4E8318-D731-4B22-A324-070CFB155336} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=414&v=u11465-263&apn_uid=2782881527914174&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms} SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} BHO: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll () BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () Toolbar: HKLM - Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll () Toolbar: HKCU - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF ProfilePath: C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=B0C06E25-60B3-48FC-B02A-E3248A0C48A0&apn_ptnrs=^AGS&apn_sauid=6BBA1B91-6AF5-418C-8312-843C47DC52F0&apn_dtid=^YYYYYY^YY^DE&&q= FF NetworkProxy: "backup.ftp", "119.30.39.1" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "119.30.39.1" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "119.30.39.1" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "119.30.39.1" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "119.30.39.1" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "119.30.39.1" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "119.30.39.1" FF NetworkProxy: "ssl_port", 3128 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jessy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\searchplugins\Ask.xml FF SearchPlugin: C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\searchplugins\askcom.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\Extensions\artur.dubovoy@gmail.com [2014-03-11] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\Extensions\toolbar@ask.com [2013-03-15] FF Extension: DownloadHelper - C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-19] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-19] Chrome: ======= CHR HomePage: hxxp://www.searchnu.com/414 CHR RestoreOnStartup: "hxxp://www.searchnu.com/414" CHR DefaultSearchProvider: Search Results CHR DefaultSearchURL: hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTerms} CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Jessy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx [2013-03-15] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 
2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG) R2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3449864 2014-02-05] (Koyote-Lab Inc.) R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) R2 HPSLPSVC; C:\Users\Jessy\AppData\Local\Temp\7zS5D4D\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.) ==================== Drivers (Whitelisted) ==================== R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-11-10] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten) R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48128 2008-09-23] (Atheros Communications, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-10] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc. ) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH) R2 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1007104 2009-03-26] (VIA Technologies, Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-11 09:43 - 2014-03-11 09:43 - 00021499 _____ () C:\Users\Jessy\Desktop\FRST.txt 2014-03-11 09:43 - 2014-03-11 09:43 - 00000000 ____D () C:\FRST 2014-03-11 09:42 - 2014-03-11 09:42 - 01145856 _____ (Farbar) C:\Users\Jessy\Desktop\FRST.exe 2014-03-11 09:40 - 2014-03-11 09:41 - 00000472 _____ () C:\Users\Jessy\Desktop\defogger_disable.log 2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 _____ () C:\Users\Jessy\defogger_reenable 2014-03-11 09:39 - 2014-03-11 09:39 - 00050477 _____ () C:\Users\Jessy\Desktop\Defogger.exe 2014-03-11 09:32 - 2014-03-11 09:33 - 00000224 _____ () C:\Windows\setupact.log 2014-03-11 09:32 - 2014-03-11 09:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-11 09:31 - 2014-03-11 09:31 - 00000568 _____ () C:\Windows\PFRO.log 2014-03-11 09:30 - 2014-03-10 09:50 - 00000426 _____ () C:\AVScanner.ini 2014-03-10 09:49 - 2014-03-10 09:49 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-05 21:51 - 2014-03-01 16:37 - 266282340 ____N () C:\Users\Jessy\Desktop\20140301_163406.mp4 2014-03-05 21:50 - 2014-03-01 16:29 - 240251425 ____N () C:\Users\Jessy\Desktop\20140301_162610.mp4 2014-03-04 08:29 - 2014-03-04 08:29 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-02-19 22:19 - 2014-02-19 22:19 - 00007602 _____ () C:\Users\Jessy\AppData\Local\Resmon.ResmonCfg 2014-02-19 22:11 - 2014-02-19 22:11 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (E) - Verknüpfung.lnk 2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BrowserProtect 2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\Browser Manager 2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BitGuard 2014-02-19 18:20 - 2014-02-19 18:20 - 00000936 _____ () C:\Users\Jessy\Desktop\Öko - Verknüpfung.lnk 2014-02-19 18:19 - 2014-02-19 18:19 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler 
Datenträger (D) - Verknüpfung.lnk 2014-02-19 17:58 - 2014-02-19 17:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-19 17:34 - 2014-02-19 17:34 - 00001163 _____ () C:\Users\Jessy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk 2014-02-19 17:33 - 2014-03-11 09:34 - 00000000 ____D () C:\ProgramData\Datamngr 2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\ProgramData\Wincert 2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Movies Toolbar 2014-02-18 07:31 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-02-18 07:31 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-18 07:31 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-18 07:31 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-18 07:30 - 2014-02-18 07:31 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-02-16 21:34 - 2014-02-23 19:16 - 00000000 ____D () C:\Users\Jessy\AppData\Roaming\FreeVideoConverter 2014-02-16 21:34 - 2014-02-19 17:33 - 00001099 _____ () C:\Users\Jessy\Desktop\Free Video Converter.lnk 2014-02-16 21:34 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Windows Searchqu Toolbar 2014-02-16 21:34 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Free Video Converter 2014-02-16 21:34 - 2014-02-18 11:20 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-02-12 17:49 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 17:49 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 17:49 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-12 17:49 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 
17:49 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-12 17:49 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 17:49 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 17:49 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 17:49 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 17:49 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 17:49 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-12 17:49 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-12 17:49 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 17:49 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-12 17:49 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-12 17:49 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-12 17:49 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 17:49 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 17:49 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 17:49 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 17:49 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-12 17:42 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 17:06 - 
2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 17:06 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 17:06 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 17:06 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 17:06 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 17:06 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 17:06 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 17:06 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 17:06 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 17:06 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 17:06 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 17:06 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll ==================== One Month Modified Files and Folders ======= 2014-03-11 09:43 - 2014-03-11 09:43 - 00021499 _____ () C:\Users\Jessy\Desktop\FRST.txt 2014-03-11 09:43 - 2014-03-11 09:43 - 00000000 ____D () C:\FRST 2014-03-11 09:42 - 2014-03-11 09:42 - 01145856 _____ (Farbar) C:\Users\Jessy\Desktop\FRST.exe 2014-03-11 09:41 - 2014-03-11 09:40 - 00000472 _____ () C:\Users\Jessy\Desktop\defogger_disable.log 2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 _____ () 
C:\Users\Jessy\defogger_reenable
2014-03-11 09:40 - 2009-11-05 20:42 - 00000000 ____D () C:\Users\Jessy
2014-03-11 09:39 - 2014-03-11 09:39 - 00050477 _____ () C:\Users\Jessy\Desktop\Defogger.exe
2014-03-11 09:39 - 2009-07-14 05:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 09:39 - 2009-07-14 05:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 09:36 - 2009-11-05 20:45 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 09:36 - 2009-05-11 20:38 - 01750315 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 09:34 - 2014-02-19 17:33 - 00000000 ____D () C:\ProgramData\Datamngr
2014-03-11 09:33 - 2014-03-11 09:32 - 00000224 _____ () C:\Windows\setupact.log
2014-03-11 09:33 - 2010-10-26 13:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 09:32 - 2014-03-11 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-11 09:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 09:31 - 2014-03-11 09:31 - 00000568 _____ () C:\Windows\PFRO.log
2014-03-11 09:31 - 2009-11-05 21:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 09:16 - 2013-09-25 06:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 08:58 - 2010-10-26 13:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 09:50 - 2014-03-11 09:30 - 00000426 _____ () C:\AVScanner.ini
2014-03-10 09:49 - 2014-03-10 09:49 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-10 09:49 - 2012-04-09 14:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-10 09:49 - 2011-07-12 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 09:49 - 2009-12-01 18:13 - 00000000 ____D () C:\Users\Jessy\AppData\Local\Adobe
2014-03-08 10:58 - 2009-05-11 21:34 - 00000000 ____D () C:\Windows\Panther
2014-03-04 08:29 - 2014-03-04 08:29 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-04 08:29 - 2010-10-26 13:45 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-04 08:29 - 2010-10-26 13:45 - 00000000 ___RD () C:\Program Files\Skype
2014-03-04 08:29 - 2010-10-26 13:45 - 00000000 ____D () C:\ProgramData\Skype
2014-03-04 08:03 - 2011-10-21 04:42 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-01 16:37 - 2014-03-05 21:51 - 266282340 ____N () C:\Users\Jessy\Desktop\20140301_163406.mp4
2014-03-01 16:29 - 2014-03-05 21:50 - 240251425 ____N () C:\Users\Jessy\Desktop\20140301_162610.mp4
2014-03-01 05:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 19:16 - 2014-02-16 21:34 - 00000000 ____D () C:\Users\Jessy\AppData\Roaming\FreeVideoConverter
2014-02-21 12:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-19 22:21 - 2012-08-28 08:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 22:19 - 2014-02-19 22:19 - 00007602 _____ () C:\Users\Jessy\AppData\Local\Resmon.ResmonCfg
2014-02-19 22:11 - 2014-02-19 22:11 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (E) - Verknüpfung.lnk
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BitGuard
2014-02-19 18:20 - 2014-02-19 18:20 - 00000936 _____ () C:\Users\Jessy\Desktop\Öko - Verknüpfung.lnk
2014-02-19 18:19 - 2014-02-19 18:19 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (D) - Verknüpfung.lnk
2014-02-19 17:58 - 2014-02-19 17:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-19 17:34 - 2014-02-19 17:34 - 00001163 _____ () C:\Users\Jessy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Movies Toolbar
2014-02-19 17:33 - 2014-02-16 21:34 - 00001099 _____ () C:\Users\Jessy\Desktop\Free Video Converter.lnk
2014-02-19 17:33 - 2014-02-16 21:34 - 00000000 ____D () C:\Program Files\Windows Searchqu Toolbar
2014-02-19 17:33 - 2014-02-16 21:34 - 00000000 ____D () C:\Program Files\Free Video Converter
2014-02-19 09:48 - 2009-11-09 22:10 - 00000000 ____D () C:\Users\Jessy\Desktop\Patty
2014-02-18 11:20 - 2014-02-16 21:34 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-18 07:31 - 2014-02-18 07:30 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-18 07:31 - 2013-11-27 09:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-18 07:31 - 2012-06-17 07:21 - 00000000 ____D () C:\Program Files\Java
2014-02-17 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:47 - 2013-08-15 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:45 - 2010-10-27 15:37 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

Files to move or delete:
====================
C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
C:\Users\Jessy\Dropbox%200.7.110.exe
C:\Users\Jessy\Firefox_Setup_7.0.1.exe
C:\Users\Jessy\TagesSetup.exe

Some content of TEMP:
====================
C:\Users\Jessy\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 20:00

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2014
Ran by Jessy at 2014-03-11 09:44:08
Running from C:\Users\Jessy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
ANSTOSS 3 (HKLM\...\ANSTOSS 3_is1) (Version: - )
Art Mahjongg (HKCU\...\Art Mahjongg) (Version: - )
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.5.0 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.38 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.1.26360 - Ask.com) <==== ATTENTION
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chemland6 (HKLM\...\Chemland6) (Version: - )
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Das Vermächtnis: Testament of Sin (HKLM\...\Chronicles of Mystery/DE-German_is1) (Version: - City Interactive)
Der Schreibtrainer 3.7 (HKLM\...\Der Schreibtrainer) (Version: - )
Die Kunst des Mordens: Der Marionettenspieler (HKLM\...\Art of Murder 2/DE-German_is1) (Version: - City Interactive)
Die Legende von Pocahontas (HKLM\...\{00B52299-F42A-40C3-8232-F987B86E3FD6}_is1) (Version: - cerasus.media GmbH)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.48.5 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Document Express DjVu Plug-in (HKLM\...\{749205D2-2B9F-467E-891E-93BF75DF6949}) (Version: 6.1.25349 - Caminova, Inc.)
Drakensang - DEMO (HKLM\...\Drakensang - DEMO_is1) (Version: - dtp)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EXPERTool 7.5 (HKLM\...\EXPERTool_is1) (Version: - Gainward Co., Ltd)
FILEminimizer Pictures (HKLM\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
FileZilla Client 3.7.2 (HKLM\...\FileZilla Client) (Version: 3.7.2 - Tim Kosse)
Free Video Converter V 3.2 (HKLM\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Gothic (HKLM\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic 3 (HKLM\...\{17BADF87-3597-46FE-8D74-69C4FA78883E}) (Version: 1.0.0 - JoWood)
Gothic_Patch (HKLM\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
Heroes of Might and Magic V (HKLM\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Hotel Gigant 2 (HKLM\...\{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}) (Version: 1.00 - Nobilis)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{FBBA35E1-9449-4902-8A0F-89252C0C1407}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Marketsplash Schnellzugriffe (HKLM\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Memento Mori (HKLM\...\Memento Mori_is1) (Version: - dtp)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movies Toolbar for Firefox (Dist. by Koyote-Lab, Inc.) (HKLM\...\koyotesoftmoviestoolbarhaFF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Koyote-Lab, Inc.) (HKLM\...\koyotesoftmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10 - NETGEAR) Hidden
NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
O&O MediaRecovery (HKLM\...\{53480870-02D8-48FB-BC27-72C956885168}) (Version: 4.1.1322 - O&O Software GmbH)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 8.3.0.3527 - Electronic Arts, Inc.)
PDF Blender (HKLM\...\PDF Blender) (Version: - )
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RAD Video Tools (HKLM\...\RADVideo) (Version: - )
Robinson Crusoe (HKLM\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version: - cerasus.media GmbH)
Sacred Underworld (HKLM\...\Sacred Underworld_is1) (Version: - Ascaron Entertainment GmbH)
secrets of tahiti (HKLM\...\secrets of tahiti) (Version: - )
SilverCrest OMC807 Driver (HKLM\...\{C786FE11-22AF-4B6C-B122-9C4A6D012E67}) (Version: 2.0 - SilverCrest)
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4126 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
SweetIM for Messenger 3.2 (HKLM\...\{08ED8855-4C2E-429B-A878-F129E1F624FA}) (Version: 3.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetIM Toolbar for Internet Explorer 3.9 (HKLM\...\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}) (Version: 3.9.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
Syberia (HKLM\...\{6D582ED7-E2D2-44C7-B421-9E6825917834}) (Version: 1.00.0000 - PurpleHills)
Syberia 2 (HKLM\...\{D7F35851-A0FD-4C92-B6BB-B3824500CDF0}) (Version: 1.00.0000 - PurpleHills)
TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.1.4 (HKLM\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zoo Safari (HKLM\...\Zoo Safari_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)

==================== Restore Points =========================

25-02-2014 06:34:18 Windows Update
26-02-2014 07:18:09 Windows Update
04-03-2014 07:28:36 Windows Update
10-03-2014 08:52:14 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04000951-C623-4BE2-A163-895397E0B67B} - System32\Tasks\{8355A0EB-AC94-4E7A-A34D-DD99E76DBBD3} => D:\Jessys Spiele\Empires.exe
Task: {0F6023F8-48BE-4955-A753-7FAB3C19992F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {11796EF0-D435-4091-B37B-4ACC4D9C9B9C} - System32\Tasks\{7F75B4ED-69CE-4513-AF5F-47D7465C70BF} => C:\Users\Jessy\Desktop\MTS_FordGT90Concept_1225521_ts3_patch_downloader\TS3PD.exe
Task: {1AA0F1B3-6B38-4AED-9331-084172685A65} - System32\Tasks\{CC28C218-C98A-4E4D-B654-5D48C522872C} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: {4E46B2C3-87BB-478C-B7AB-F1941618BFF1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-08-22] () <==== ATTENTION
Task: {544BD2E4-3BE2-466E-85D3-C0EB5FC3885B} - System32\Tasks\{969656E3-2652-4E48-8B40-0D58B741816A} => D:\Jessys Spiele\Empires.exe
Task: {6CEBFF11-AC1F-484F-B527-DBC926764449} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-10] (Adobe Systems Incorporated)
Task: {7CA27AAE-74A3-412E-9FF2-64E8C5A44908} - System32\Tasks\{8124B740-6764-4C0F-8CFD-E18890219E13} => C:\Users\Jessy\Desktop\MTS_FordGT90Concept_1225521_ts3_patch_downloader\TS3PD.exe
Task: {90B20470-C35A-458E-8284-239A567A8000} - System32\Tasks\{82290852-15E8-4943-95C6-420DDB2C2976} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: {9572AE09-7804-4D3C-A432-87E9E073A749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {B674979B-5D00-43F1-BF24-2D0F53101C07} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BCD6B4DB-EA1F-4807-89D7-C9153599D027} - System32\Tasks\{53B708F6-74B1-4079-8701-0A589952B230} => D:\Jessys Spiele\Empires.exe
Task: {BFC43F8D-7DF1-4AFD-B47F-ECAA6218A5EE} - System32\Tasks\{887AC465-8BED-4F0B-8AFB-E964D1CD660D} => D:\Jessys Spiele\Empires.exe
Task: {C4F64E92-F137-4FD2-AC48-7F7B1407DD39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {CD803EB7-AB06-4CA0-BBE9-6EB111B56296} - System32\Tasks\{73DF0415-5666-44B9-9EDE-45D163C0597A} => D:\Jessys Spiele\system\gothic.exe [2006-01-12] (Piranha Bytes)
Task: {D7179AFD-6F6B-4B34-89B0-B631E356EBAC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E0FC1884-1FAE-4A2E-8A68-51190743AE5F} - System32\Tasks\{66210722-70CB-4F94-91A0-25AACFA6963C} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: {EEC779FA-18DE-493C-A329-2AA54FEFA8DB} - System32\Tasks\{986DE633-48CA-4FBC-AFB6-F21BC7AF72DD} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {FA7E250A-3B8D-4982-AE3B-3542911644CA} - System32\Tasks\{0CFB9E31-8300-4B2D-B0CE-B95F6A9A9C94} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-19 17:33 - 2014-02-05 19:54 - 00486408 _____ () C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
2012-11-18 09:03 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-03-15 11:33 - 2013-03-15 11:29 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-19 17:33 - 2014-02-05 19:54 - 00019976 _____ () C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll
2010-11-10 07:53 - 2009-08-20 01:19 - 00074984 _____ () E:\FILEminimizer Pictures\FILEMShell.dll
2009-11-05 20:50 - 2008-03-17 10:50 - 00069632 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2009-11-05 20:50 - 2009-01-06 10:11 - 00090112 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2009-11-05 20:50 - 2008-02-14 06:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2011-04-13 06:57 - 2010-08-30 08:24 - 00049152 _____ () C:\Program Files\SilverCrest OMC807 Driver\UniFunc.dll
2013-11-04 12:24 - 2013-11-04 12:24 - 00007168 _____ () C:\ProgramData\Wincert\win32cert.dll
2013-11-04 12:24 - 2013-11-04 12:24 - 00078336 _____ () C:\ProgramData\Wincert\win32prop.dll
2009-11-05 20:54 - 1998-10-31 10:55 - 00005120 _____ () C:\Program Files\EXPERTool\TBManage.dll
2008-06-13 15:24 - 2008-06-13 15:24 - 02109440 _____ () C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2014-02-19 17:58 - 2014-02-19 17:58 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-21 12:16 - 2014-03-10 09:49 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 09:01:14 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden. Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. ], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet. ].
Vorgang: Asynchroner Vorgang wird ausgeführt
Kontext: Aktueller Status: DoSnapshotSet

Error: (03/08/2014 09:01:14 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten. Fehlerkontext: DeviceIoControl(\\?\Volume{e5c71451-3e62-11de-8519-806e6f6e6963} - 0000010C,0x0053c010,002CC3B8,0,002CD3C0,4096,[0]).
Vorgang: Schattenkopien werden übertragen
Kontext: Ausführungskontext: System Provider

Error: (03/07/2014 08:35:53 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (02/22/2014 11:33:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (02/21/2014 02:39:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2014 08:04:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/17/2014 08:37:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/19/2014 05:43:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x53c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/17/2014 09:09:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x458
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/12/2014 06:12:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 
1.1.0.0, Zeitstempel: 0x3f02fbca Name des fehlerhaften Moduls: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca Ausnahmecode: 0xc0000005 Fehleroffset: 0x00236641 ID des fehlerhaften Prozesses: 0x11b0 Startzeit der fehlerhaften Anwendung: 0xanstoss3.exe0 Pfad der fehlerhaften Anwendung: anstoss3.exe1 Pfad des fehlerhaften Moduls: anstoss3.exe2 Berichtskennung: anstoss3.exe3 System errors: ============= Error: (03/11/2014 09:34:55 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/11/2014 09:34:55 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (03/11/2014 08:17:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/11/2014 08:17:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (03/10/2014 08:16:24 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/10/2014 08:16:24 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (03/09/2014 09:53:01 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/09/2014 09:53:01 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (03/08/2014 08:35:39 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/08/2014 08:35:39 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (03/27/2011 10:03:14 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (03/27/2011 09:49:01 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/27/2011 08:33:35 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/27/2011 08:33:23 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/04/2011 03:57:47 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/04/2011 03:57:32 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/04/2011 03:57:27 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (03/04/2011 03:26:12 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/04/2011 03:18:14 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/14/2011 01:44:38 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3327.05 MB Available physical RAM: 2023.55 MB Total Pagefile: 6652.4 MB Available Pagefile: 5155.1 MB Total Virtual: 2047.88 MB Available Virtual: 1905.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.39 GB) (Free:50.63 GB) NTFS Drive d: () (Fixed) (Total:159.64 GB) (Free:132.88 GB) NTFS Drive e: () (Fixed) (Total:159.64 GB) (Free:104.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 13712AFD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=160 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=160 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-11 10:53:16 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HI rev.1AG01118 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Jessy\AppData\Local\Temp\fgloypoc.sys ---- System - GMER 2.1 ---- SSDT 9809E92E ZwCreateSection SSDT 9809E938 ZwRequestWaitReplyPort SSDT 9809E933 ZwSetContextThread SSDT 9809E93D ZwSetSecurityObject SSDT 9809E942 ZwSystemDebugControl SSDT 9809E8CF ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E75A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAF212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EB658C 4 Bytes [2E, E9, 09, 98] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EB68E8 4 Bytes JMP D2AA00F6 .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EB692C 4 Bytes [33, E9, 09, 98] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EB69A8 4 Bytes [3D, E9, 09, 98] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EB69FC 4 Bytes [42, E9, 09, 98] .text ... 
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9E02769D] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F822300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F865300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtCreateDirectoryObject 77B055C8 5 Bytes JMP 73201700 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtCreateFile 77B05608 5 Bytes JMP 73201600 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtDeleteFile 77B05848 5 Bytes JMP 73201680 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtOpenDirectoryObject 77B05CD8 5 Bytes JMP 73201740 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtOpenFile 77B05D18 5 Bytes JMP 732016B0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtSetInformationFile 77B06678 5 Bytes JMP 73201780 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtTerminateProcess 77B06908 5 Bytes JMP 73202AD0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetOpenW 77942991 3 Bytes JMP 73202010 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetOpenW + 4 77942995 1 Byte [FB] .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetAttemptConnect 779DD4A3 5 Bytes JMP 73202030 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetCheckConnectionW 779DE615 5 Bytes JMP 73202020 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program 
Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetGoOnlineW 779E19A6 5 Bytes JMP 73202020 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyTransactedW 75E3A88A 5 Bytes JMP 73203AF0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyExW 75E3A965 5 Bytes JMP 73203AB0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteValueW 75E3CED1 5 Bytes JMP 73203A10 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyW 75E411F2 7 Bytes JMP 73203A70 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegSetValueExW 75E41456 5 Bytes JMP 732034B0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegSetKeyValueW 75E57118 5 Bytes JMP 732037F0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegSetValueW 75E5A622 5 Bytes JMP 73203660 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteTreeW 75E735AF 5 Bytes JMP 73203B40 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyValueW 75E8FA2F 5 Bytes JMP 732039A0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAStartup 766C3AB2 7 Bytes JMP 732020B0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSASocketW 766C3CD3 7 Bytes JMP 732020A0 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!socket 766C3EB8 5 Bytes JMP 73202040 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] 
WS2_32.dll!bind 766C4582 5 Bytes JMP 73202040 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!connect 766C6BDD 5 Bytes JMP 73202040 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!listen 766CB001 5 Bytes JMP 73202060 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAConnect 766CCC3F 5 Bytes JMP 73202070 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAConnectByList 766DBFDD 5 Bytes JMP 73202080 C:\PROGRA~2\Wincert\win32prop.dll .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAConnectByNameW 766DC52F 5 Bytes JMP 73202090 C:\PROGRA~2\Wincert\win32prop.dll ---- EOF - GMER 2.1 ---- |