| |
| |||||||
Log-Analyse und Auswertung: Win 7: Bei Facebook-Spiel Weiterleitung auf Website zur Aktualisierung des Flash Players und unerwünschte WerbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.03.2014, 11:33
| #1 |
| |  Win 7: Bei Facebook-Spiel Weiterleitung auf Website zur Aktualisierung des Flash Players und unerwünschte Werbung Hallo, seit einigen Tagen hat sich seltsame Werbung auf meinen PC geschlichen, egal auf welche Website ich gehe. Angefangen hat es damit, dass ich während eines Spiels auf Facebook (Pioneer Trail) auf einmal auf eine Website weitergeleitet wurde, die mir sagte, ich solle meinen Flash Player aktualisieren. Ich habe nichts von dieser Seite installiert, sondern sie gleich weg geklickt. Ich weiß auch, dass mein Player aktuell ist. Aber ich werde immer wieder auf diese Seite weitergeleitet, inzwischen auch wenn nicht spiele und nur durchs Internet surfe. Ich fürchte, ich habe mir einen Virus oder so eingefangen, mein AntiVir findet aber nichts und sagt alles sei sauber. Ich habe zwischendurch auch den CCleaner laufen lassen, das hat aber auch nicht viel gebracht. Dankeschön schon mal! Defogger.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:41 on 11/03/2014 (Jessy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Jessy (administrator) on JESSY-PC on 11-03-2014 09:43:11
Running from C:\Users\Jessy\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Koyote-Lab Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Koyote-Lab Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Koyote-Lab Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Siliten) C:\Program Files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe
(LG Electronics) C:\Users\Jessy\Bluebirds\BlueBirds.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [17154048 2009-03-31] (VIA)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Launch SilverCrest OMC807] - C:\Program Files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe [860672 2010-08-30] (Siliten)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-06-07] (SweetIM Technologies Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-22] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [GAINWARD] - C:\Program Files\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.)
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [bluebirds] - C:\Users\Jessy\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\Run: [EPSON Stylus Photo R265 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\MountPoints2: {4616de17-6be1-11e0-9a90-806e6f6e6963} - F:\BlueBirds.exe
HKU\S-1-5-21-444858187-217174955-1083293144-1000\...\MountPoints2: {e5c71457-3e62-11de-8519-806e6f6e6963} - G:\BlueBirds.exe
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll => C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll [19976 2014-02-05] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [486408 2014-02-05] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10649A&gct=hp&d=414-0&v=u11465-263&t=4
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=414&v=u11465-263&apn_uid=2782881527914174&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=414&v=u11465-263&apn_uid=2782881527914174&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - {5A4E8318-D731-4B22-A324-070CFB155336} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=414&v=u11465-263&apn_uid=2782881527914174&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKCU - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=B0C06E25-60B3-48FC-B02A-E3248A0C48A0&apn_ptnrs=^AGS&apn_sauid=6BBA1B91-6AF5-418C-8312-843C47DC52F0&apn_dtid=^YYYYYY^YY^DE&&q=
FF NetworkProxy: "backup.ftp", "119.30.39.1"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "119.30.39.1"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "119.30.39.1"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "119.30.39.1"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "119.30.39.1"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "119.30.39.1"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jessy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\Extensions\artur.dubovoy@gmail.com [2014-03-11]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\Extensions\toolbar@ask.com [2013-03-15]
FF Extension: DownloadHelper - C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\vimzzb92.Jessy\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-19]
Chrome:
=======
CHR HomePage: hxxp://www.searchnu.com/414
CHR RestoreOnStartup: "hxxp://www.searchnu.com/414"
CHR DefaultSearchProvider: Search Results
CHR DefaultSearchURL: hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Jessy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx [2013-03-15]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3449864 2014-02-05] (Koyote-Lab Inc.)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 HPSLPSVC; C:\Users\Jessy\AppData\Local\Temp\7zS5D4D\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.)
==================== Drivers (Whitelisted) ====================
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-11-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48128 2008-09-23] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-10] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc. )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH)
R2 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1007104 2009-03-26] (VIA Technologies, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-11 09:43 - 2014-03-11 09:43 - 00021499 _____ () C:\Users\Jessy\Desktop\FRST.txt
2014-03-11 09:43 - 2014-03-11 09:43 - 00000000 ____D () C:\FRST
2014-03-11 09:42 - 2014-03-11 09:42 - 01145856 _____ (Farbar) C:\Users\Jessy\Desktop\FRST.exe
2014-03-11 09:40 - 2014-03-11 09:41 - 00000472 _____ () C:\Users\Jessy\Desktop\defogger_disable.log
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 _____ () C:\Users\Jessy\defogger_reenable
2014-03-11 09:39 - 2014-03-11 09:39 - 00050477 _____ () C:\Users\Jessy\Desktop\Defogger.exe
2014-03-11 09:32 - 2014-03-11 09:33 - 00000224 _____ () C:\Windows\setupact.log
2014-03-11 09:32 - 2014-03-11 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-11 09:31 - 2014-03-11 09:31 - 00000568 _____ () C:\Windows\PFRO.log
2014-03-11 09:30 - 2014-03-10 09:50 - 00000426 _____ () C:\AVScanner.ini
2014-03-10 09:49 - 2014-03-10 09:49 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-05 21:51 - 2014-03-01 16:37 - 266282340 ____N () C:\Users\Jessy\Desktop\20140301_163406.mp4
2014-03-05 21:50 - 2014-03-01 16:29 - 240251425 ____N () C:\Users\Jessy\Desktop\20140301_162610.mp4
2014-03-04 08:29 - 2014-03-04 08:29 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-19 22:19 - 2014-02-19 22:19 - 00007602 _____ () C:\Users\Jessy\AppData\Local\Resmon.ResmonCfg
2014-02-19 22:11 - 2014-02-19 22:11 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (E) - Verknüpfung.lnk
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BitGuard
2014-02-19 18:20 - 2014-02-19 18:20 - 00000936 _____ () C:\Users\Jessy\Desktop\Öko - Verknüpfung.lnk
2014-02-19 18:19 - 2014-02-19 18:19 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (D) - Verknüpfung.lnk
2014-02-19 17:58 - 2014-02-19 17:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-19 17:34 - 2014-02-19 17:34 - 00001163 _____ () C:\Users\Jessy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk
2014-02-19 17:33 - 2014-03-11 09:34 - 00000000 ____D () C:\ProgramData\Datamngr
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Movies Toolbar
2014-02-18 07:31 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-18 07:31 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-18 07:31 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-18 07:31 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-18 07:30 - 2014-02-18 07:31 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-16 21:34 - 2014-02-23 19:16 - 00000000 ____D () C:\Users\Jessy\AppData\Roaming\FreeVideoConverter
2014-02-16 21:34 - 2014-02-19 17:33 - 00001099 _____ () C:\Users\Jessy\Desktop\Free Video Converter.lnk
2014-02-16 21:34 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Windows Searchqu Toolbar
2014-02-16 21:34 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Free Video Converter
2014-02-16 21:34 - 2014-02-18 11:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-12 17:49 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:49 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:49 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 17:49 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:49 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 17:49 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:49 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:49 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:49 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:49 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:49 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 17:49 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 17:49 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:49 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:49 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:49 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:49 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:49 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:49 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:49 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:49 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:42 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 17:06 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 17:06 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 17:06 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 17:06 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 17:06 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 17:06 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 17:06 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 17:06 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 17:06 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 17:06 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 17:06 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 17:06 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-11 09:43 - 2014-03-11 09:43 - 00021499 _____ () C:\Users\Jessy\Desktop\FRST.txt
2014-03-11 09:43 - 2014-03-11 09:43 - 00000000 ____D () C:\FRST
2014-03-11 09:42 - 2014-03-11 09:42 - 01145856 _____ (Farbar) C:\Users\Jessy\Desktop\FRST.exe
2014-03-11 09:41 - 2014-03-11 09:40 - 00000472 _____ () C:\Users\Jessy\Desktop\defogger_disable.log
2014-03-11 09:40 - 2014-03-11 09:40 - 00000000 _____ () C:\Users\Jessy\defogger_reenable
2014-03-11 09:40 - 2009-11-05 20:42 - 00000000 ____D () C:\Users\Jessy
2014-03-11 09:39 - 2014-03-11 09:39 - 00050477 _____ () C:\Users\Jessy\Desktop\Defogger.exe
2014-03-11 09:39 - 2009-07-14 05:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 09:39 - 2009-07-14 05:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 09:36 - 2009-11-05 20:45 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 09:36 - 2009-05-11 20:38 - 01750315 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 09:34 - 2014-02-19 17:33 - 00000000 ____D () C:\ProgramData\Datamngr
2014-03-11 09:33 - 2014-03-11 09:32 - 00000224 _____ () C:\Windows\setupact.log
2014-03-11 09:33 - 2010-10-26 13:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 09:32 - 2014-03-11 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-11 09:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 09:31 - 2014-03-11 09:31 - 00000568 _____ () C:\Windows\PFRO.log
2014-03-11 09:31 - 2009-11-05 21:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 09:16 - 2013-09-25 06:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 08:58 - 2010-10-26 13:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 09:50 - 2014-03-11 09:30 - 00000426 _____ () C:\AVScanner.ini
2014-03-10 09:49 - 2014-03-10 09:49 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-10 09:49 - 2012-04-09 14:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-10 09:49 - 2011-07-12 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 09:49 - 2009-12-01 18:13 - 00000000 ____D () C:\Users\Jessy\AppData\Local\Adobe
2014-03-08 10:58 - 2009-05-11 21:34 - 00000000 ____D () C:\Windows\Panther
2014-03-04 08:29 - 2014-03-04 08:29 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-04 08:29 - 2010-10-26 13:45 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-04 08:29 - 2010-10-26 13:45 - 00000000 ___RD () C:\Program Files\Skype
2014-03-04 08:29 - 2010-10-26 13:45 - 00000000 ____D () C:\ProgramData\Skype
2014-03-04 08:03 - 2011-10-21 04:42 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-01 16:37 - 2014-03-05 21:51 - 266282340 ____N () C:\Users\Jessy\Desktop\20140301_163406.mp4
2014-03-01 16:29 - 2014-03-05 21:50 - 240251425 ____N () C:\Users\Jessy\Desktop\20140301_162610.mp4
2014-03-01 05:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 19:16 - 2014-02-16 21:34 - 00000000 ____D () C:\Users\Jessy\AppData\Roaming\FreeVideoConverter
2014-02-21 12:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-19 22:21 - 2012-08-28 08:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 22:19 - 2014-02-19 22:19 - 00007602 _____ () C:\Users\Jessy\AppData\Local\Resmon.ResmonCfg
2014-02-19 22:11 - 2014-02-19 22:11 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (E) - Verknüpfung.lnk
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-02-19 18:29 - 2014-02-19 18:29 - 00000000 ____D () C:\ProgramData\BitGuard
2014-02-19 18:20 - 2014-02-19 18:20 - 00000936 _____ () C:\Users\Jessy\Desktop\Öko - Verknüpfung.lnk
2014-02-19 18:19 - 2014-02-19 18:19 - 00000494 _____ () C:\Users\Jessy\Desktop\Lokaler Datenträger (D) - Verknüpfung.lnk
2014-02-19 17:58 - 2014-02-19 17:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-19 17:34 - 2014-02-19 17:34 - 00001163 _____ () C:\Users\Jessy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\Program Files\Movies Toolbar
2014-02-19 17:33 - 2014-02-16 21:34 - 00001099 _____ () C:\Users\Jessy\Desktop\Free Video Converter.lnk
2014-02-19 17:33 - 2014-02-16 21:34 - 00000000 ____D () C:\Program Files\Windows Searchqu Toolbar
2014-02-19 17:33 - 2014-02-16 21:34 - 00000000 ____D () C:\Program Files\Free Video Converter
2014-02-19 09:48 - 2009-11-09 22:10 - 00000000 ____D () C:\Users\Jessy\Desktop\Patty
2014-02-18 11:20 - 2014-02-16 21:34 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-18 07:31 - 2014-02-18 07:30 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-18 07:31 - 2013-11-27 09:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-18 07:31 - 2012-06-17 07:21 - 00000000 ____D () C:\Program Files\Java
2014-02-17 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:47 - 2013-08-15 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:45 - 2010-10-27 15:37 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
Files to move or delete:
====================
C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
C:\Users\Jessy\Dropbox%200.7.110.exe
C:\Users\Jessy\Firefox_Setup_7.0.1.exe
C:\Users\Jessy\TagesSetup.exe
Some content of TEMP:
====================
C:\Users\Jessy\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-18 20:00
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2014
Ran by Jessy at 2014-03-11 09:44:08
Running from C:\Users\Jessy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
ANSTOSS 3 (HKLM\...\ANSTOSS 3_is1) (Version: - )
Art Mahjongg (HKCU\...\Art Mahjongg) (Version: - )
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.5.0 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.38 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.1.26360 - Ask.com) <==== ATTENTION
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chemland6 (HKLM\...\Chemland6) (Version: - )
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Das Vermächtnis: Testament of Sin (HKLM\...\Chronicles of Mystery/DE-German_is1) (Version: - City Interactive)
Der Schreibtrainer 3.7 (HKLM\...\Der Schreibtrainer) (Version: - )
Die Kunst des Mordens: Der Marionettenspieler (HKLM\...\Art of Murder 2/DE-German_is1) (Version: - City Interactive)
Die Legende von Pocahontas (HKLM\...\{00B52299-F42A-40C3-8232-F987B86E3FD6}_is1) (Version: - cerasus.media GmbH)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.48.5 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Document Express DjVu Plug-in (HKLM\...\{749205D2-2B9F-467E-891E-93BF75DF6949}) (Version: 6.1.25349 - Caminova, Inc.)
Drakensang - DEMO (HKLM\...\Drakensang - DEMO_is1) (Version: - dtp)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EXPERTool 7.5 (HKLM\...\EXPERTool_is1) (Version: - Gainward Co., Ltd)
FILEminimizer Pictures (HKLM\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
FileZilla Client 3.7.2 (HKLM\...\FileZilla Client) (Version: 3.7.2 - Tim Kosse)
Free Video Converter V 3.2 (HKLM\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Gothic (HKLM\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic 3 (HKLM\...\{17BADF87-3597-46FE-8D74-69C4FA78883E}) (Version: 1.0.0 - JoWood)
Gothic_Patch (HKLM\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
Heroes of Might and Magic V (HKLM\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Hotel Gigant 2 (HKLM\...\{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}) (Version: 1.00 - Nobilis)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{FBBA35E1-9449-4902-8A0F-89252C0C1407}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Marketsplash Schnellzugriffe (HKLM\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Memento Mori (HKLM\...\Memento Mori_is1) (Version: - dtp)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movies Toolbar for Firefox (Dist. by Koyote-Lab, Inc.) (HKLM\...\koyotesoftmoviestoolbarhaFF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Koyote-Lab, Inc.) (HKLM\...\koyotesoftmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10 - NETGEAR) Hidden
NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
O&O MediaRecovery (HKLM\...\{53480870-02D8-48FB-BC27-72C956885168}) (Version: 4.1.1322 - O&O Software GmbH)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 8.3.0.3527 - Electronic Arts, Inc.)
PDF Blender (HKLM\...\PDF Blender) (Version: - )
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RAD Video Tools (HKLM\...\RADVideo) (Version: - )
Robinson Crusoe (HKLM\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version: - cerasus.media GmbH)
Sacred Underworld (HKLM\...\Sacred Underworld_is1) (Version: - Ascaron Entertainment GmbH)
secrets of tahiti (HKLM\...\secrets of tahiti) (Version: - )
SilverCrest OMC807 Driver (HKLM\...\{C786FE11-22AF-4B6C-B122-9C4A6D012E67}) (Version: 2.0 - SilverCrest)
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4126 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
SweetIM for Messenger 3.2 (HKLM\...\{08ED8855-4C2E-429B-A878-F129E1F624FA}) (Version: 3.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetIM Toolbar for Internet Explorer 3.9 (HKLM\...\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}) (Version: 3.9.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
Syberia (HKLM\...\{6D582ED7-E2D2-44C7-B421-9E6825917834}) (Version: 1.00.0000 - PurpleHills)
Syberia 2 (HKLM\...\{D7F35851-A0FD-4C92-B6BB-B3824500CDF0}) (Version: 1.00.0000 - PurpleHills)
TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.1.4 (HKLM\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zoo Safari (HKLM\...\Zoo Safari_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
==================== Restore Points =========================
25-02-2014 06:34:18 Windows Update
26-02-2014 07:18:09 Windows Update
04-03-2014 07:28:36 Windows Update
10-03-2014 08:52:14 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {04000951-C623-4BE2-A163-895397E0B67B} - System32\Tasks\{8355A0EB-AC94-4E7A-A34D-DD99E76DBBD3} => D:\Jessys Spiele\Empires.exe
Task: {0F6023F8-48BE-4955-A753-7FAB3C19992F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {11796EF0-D435-4091-B37B-4ACC4D9C9B9C} - System32\Tasks\{7F75B4ED-69CE-4513-AF5F-47D7465C70BF} => C:\Users\Jessy\Desktop\MTS_FordGT90Concept_1225521_ts3_patch_downloader\TS3PD.exe
Task: {1AA0F1B3-6B38-4AED-9331-084172685A65} - System32\Tasks\{CC28C218-C98A-4E4D-B654-5D48C522872C} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: {4E46B2C3-87BB-478C-B7AB-F1941618BFF1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-08-22] () <==== ATTENTION
Task: {544BD2E4-3BE2-466E-85D3-C0EB5FC3885B} - System32\Tasks\{969656E3-2652-4E48-8B40-0D58B741816A} => D:\Jessys Spiele\Empires.exe
Task: {6CEBFF11-AC1F-484F-B527-DBC926764449} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-10] (Adobe Systems Incorporated)
Task: {7CA27AAE-74A3-412E-9FF2-64E8C5A44908} - System32\Tasks\{8124B740-6764-4C0F-8CFD-E18890219E13} => C:\Users\Jessy\Desktop\MTS_FordGT90Concept_1225521_ts3_patch_downloader\TS3PD.exe
Task: {90B20470-C35A-458E-8284-239A567A8000} - System32\Tasks\{82290852-15E8-4943-95C6-420DDB2C2976} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: {9572AE09-7804-4D3C-A432-87E9E073A749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {B674979B-5D00-43F1-BF24-2D0F53101C07} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BCD6B4DB-EA1F-4807-89D7-C9153599D027} - System32\Tasks\{53B708F6-74B1-4079-8701-0A589952B230} => D:\Jessys Spiele\Empires.exe
Task: {BFC43F8D-7DF1-4AFD-B47F-ECAA6218A5EE} - System32\Tasks\{887AC465-8BED-4F0B-8AFB-E964D1CD660D} => D:\Jessys Spiele\Empires.exe
Task: {C4F64E92-F137-4FD2-AC48-7F7B1407DD39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {CD803EB7-AB06-4CA0-BBE9-6EB111B56296} - System32\Tasks\{73DF0415-5666-44B9-9EDE-45D163C0597A} => D:\Jessys Spiele\system\gothic.exe [2006-01-12] (Piranha Bytes)
Task: {D7179AFD-6F6B-4B34-89B0-B631E356EBAC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E0FC1884-1FAE-4A2E-8A68-51190743AE5F} - System32\Tasks\{66210722-70CB-4F94-91A0-25AACFA6963C} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: {EEC779FA-18DE-493C-A329-2AA54FEFA8DB} - System32\Tasks\{986DE633-48CA-4FBC-AFB6-F21BC7AF72DD} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {FA7E250A-3B8D-4982-AE3B-3542911644CA} - System32\Tasks\{0CFB9E31-8300-4B2D-B0CE-B95F6A9A9C94} => C:\Users\Jessy\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-19 17:33 - 2014-02-05 19:54 - 00486408 _____ () C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
2012-11-18 09:03 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-03-15 11:33 - 2013-03-15 11:29 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-19 17:33 - 2014-02-05 19:54 - 00019976 _____ () C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll
2010-11-10 07:53 - 2009-08-20 01:19 - 00074984 _____ () E:\FILEminimizer Pictures\FILEMShell.dll
2009-11-05 20:50 - 2008-03-17 10:50 - 00069632 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2009-11-05 20:50 - 2009-01-06 10:11 - 00090112 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2009-11-05 20:50 - 2008-02-14 06:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2011-04-13 06:57 - 2010-08-30 08:24 - 00049152 _____ () C:\Program Files\SilverCrest OMC807 Driver\UniFunc.dll
2013-11-04 12:24 - 2013-11-04 12:24 - 00007168 _____ () C:\ProgramData\Wincert\win32cert.dll
2013-11-04 12:24 - 2013-11-04 12:24 - 00078336 _____ () C:\ProgramData\Wincert\win32prop.dll
2009-11-05 20:54 - 1998-10-31 10:55 - 00005120 _____ () C:\Program Files\EXPERTool\TBManage.dll
2008-06-13 15:24 - 2008-06-13 15:24 - 02109440 _____ () C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2014-02-19 17:58 - 2014-02-19 17:58 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-21 12:16 - 2014-03-10 09:49 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/08/2014 09:01:14 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (03/08/2014 09:01:14 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{e5c71451-3e62-11de-8519-806e6f6e6963} - 0000010C,0x0053c010,002CC3B8,0,002CD3C0,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (03/07/2014 08:35:53 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (02/22/2014 11:33:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (02/21/2014 02:39:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/18/2014 08:04:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/17/2014 08:37:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/19/2014 05:43:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x53c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/17/2014 09:09:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x458
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/12/2014 06:12:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Name des fehlerhaften Moduls: anstoss3.exe, Version: 1.1.0.0, Zeitstempel: 0x3f02fbca
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00236641
ID des fehlerhaften Prozesses: 0x11b0
Startzeit der fehlerhaften Anwendung: 0xanstoss3.exe0
Pfad der fehlerhaften Anwendung: anstoss3.exe1
Pfad des fehlerhaften Moduls: anstoss3.exe2
Berichtskennung: anstoss3.exe3
System errors:
=============
Error: (03/11/2014 09:34:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (03/11/2014 09:34:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (03/11/2014 08:17:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (03/11/2014 08:17:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (03/10/2014 08:16:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (03/10/2014 08:16:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (03/09/2014 09:53:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (03/09/2014 09:53:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (03/08/2014 08:35:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (03/08/2014 08:35:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (03/27/2011 10:03:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/27/2011 09:49:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/27/2011 08:33:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/27/2011 08:33:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/04/2011 03:57:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/04/2011 03:57:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/04/2011 03:57:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/04/2011 03:26:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/04/2011 03:18:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/14/2011 01:44:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 3327.05 MB
Available physical RAM: 2023.55 MB
Total Pagefile: 6652.4 MB
Available Pagefile: 5155.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:50.63 GB) NTFS
Drive d: () (Fixed) (Total:159.64 GB) (Free:132.88 GB) NTFS
Drive e: () (Fixed) (Total:159.64 GB) (Free:104.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 13712AFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=160 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=160 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-11 10:53:16
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Jessy\AppData\Local\Temp\fgloypoc.sys
---- System - GMER 2.1 ----
SSDT 9809E92E ZwCreateSection
SSDT 9809E938 ZwRequestWaitReplyPort
SSDT 9809E933 ZwSetContextThread
SSDT 9809E93D ZwSetSecurityObject
SSDT 9809E942 ZwSystemDebugControl
SSDT 9809E8CF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E75A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAF212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EB658C 4 Bytes [2E, E9, 09, 98]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EB68E8 4 Bytes JMP D2AA00F6
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EB692C 4 Bytes [33, E9, 09, 98]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EB69A8 4 Bytes [3D, E9, 09, 98]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EB69FC 4 Bytes [42, E9, 09, 98]
.text ...
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9E02769D]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F822300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F865300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtCreateDirectoryObject 77B055C8 5 Bytes JMP 73201700 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtCreateFile 77B05608 5 Bytes JMP 73201600 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtDeleteFile 77B05848 5 Bytes JMP 73201680 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtOpenDirectoryObject 77B05CD8 5 Bytes JMP 73201740 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtOpenFile 77B05D18 5 Bytes JMP 732016B0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtSetInformationFile 77B06678 5 Bytes JMP 73201780 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] ntdll.dll!NtTerminateProcess 77B06908 5 Bytes JMP 73202AD0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetOpenW 77942991 3 Bytes JMP 73202010 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetOpenW + 4 77942995 1 Byte [FB]
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetAttemptConnect 779DD4A3 5 Bytes JMP 73202030 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetCheckConnectionW 779DE615 5 Bytes JMP 73202020 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WININET.dll!InternetGoOnlineW 779E19A6 5 Bytes JMP 73202020 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyTransactedW 75E3A88A 5 Bytes JMP 73203AF0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyExW 75E3A965 5 Bytes JMP 73203AB0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteValueW 75E3CED1 5 Bytes JMP 73203A10 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyW 75E411F2 7 Bytes JMP 73203A70 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegSetValueExW 75E41456 5 Bytes JMP 732034B0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegSetKeyValueW 75E57118 5 Bytes JMP 732037F0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegSetValueW 75E5A622 5 Bytes JMP 73203660 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteTreeW 75E735AF 5 Bytes JMP 73203B40 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] advapi32.DLL!RegDeleteKeyValueW 75E8FA2F 5 Bytes JMP 732039A0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAStartup 766C3AB2 7 Bytes JMP 732020B0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSASocketW 766C3CD3 7 Bytes JMP 732020A0 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!socket 766C3EB8 5 Bytes JMP 73202040 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!bind 766C4582 5 Bytes JMP 73202040 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!connect 766C6BDD 5 Bytes JMP 73202040 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!listen 766CB001 5 Bytes JMP 73202060 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAConnect 766CCC3F 5 Bytes JMP 73202070 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAConnectByList 766DBFDD 5 Bytes JMP 73202080 C:\PROGRA~2\Wincert\win32prop.dll
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3608] WS2_32.dll!WSAConnectByNameW 766DC52F 5 Bytes JMP 73202090 C:\PROGRA~2\Wincert\win32prop.dll
---- EOF - GMER 2.1 ----
|
| Themen zu Win 7: Bei Facebook-Spiel Weiterleitung auf Website zur Aktualisierung des Flash Players und unerwünschte Werbung |
| antivir, ausgelastet, avira, bingbar, email, error, fehler, firefox, flash player, google, homepage, launch, mozilla, ntdll.dll, officejet, pup.optional.bandoo.a, pup.optional.datamngr.a, pup.optional.moviestoolbar.a, pup.optional.searchqu, pup.optional.searchqu.a, pup.optional.sweetim, pup.optional.sweetim.a, registry, security, software, system, unerwünschte werbung, usb, werbung, windows |
Baum-Darstellung