Mozilla Survey 2013 PopUp
Hello,
whenever I start Firefox, a new window "survey 2013" always opens automatically. I have attached a screenshot.
First I ran a scan with Malwarebytes.
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.11.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Jenny :: KESSY [Administrator]
11.08.2013 22:03:44
mbam-log-2013-08-11 (22-03-44).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244704
Laufzeit: 5 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 5
C:\Users\Jenny\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\AppData\Local\Temp\PIPInstaller_PTV_.exe (PUP.Optional.BundledToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-1066593655-757596564-631574098-1001\$R0YNXCE.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\AppData\Local\Temp\ir_ext_temp_4\AutoPlay\Docs\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\AppData\Local\Temp\ir_ext_temp_5\AutoPlay\Docs\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Here are the log files from FRST.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Jenny (administrator) on 12-08-2013 10:21:43
Running from C:\Users\Jenny\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\DGS\dgsnetd.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(TomTom) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\PLFSetI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Jenny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() D:\Programme\RocketDock\RocketDock.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TomTom) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
() C:\Program Files (x86)\DGS\dgsnetd.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer Empowering Technology Monitor] - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-08-19] ()
HKLM\...\Run: [EmpoweringTechnology] - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [323584 2008-08-19] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2075288 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Jenny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]
HKCU\...\Run: [RocketDock] - D:\Programme\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [TomTomHOME.exe] - D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-12-05] (TomTom)
MountPoints2: F - "F:\AutoRun.exe"
MountPoints2: {0529d204-a592-11e2-be81-002269ddee37} - "F:\AutoRun.exe"
MountPoints2: {46f83358-cbad-11e2-be90-00238b1c35d8} - "F:\AutoRun.exe"
MountPoints2: {53f6974d-84f7-11e2-be77-00238b1c35d8} - "H:\autorun.exe"
MountPoints2: {b46c73d7-9a45-11e2-be7e-00238b1c35d8} - "F:\AutoRun.exe"
MountPoints2: {b46c845b-9a45-11e2-be7e-00238b1c35d8} - "G:\AutoRun.exe"
MountPoints2: {b58337ba-bd4c-11e2-be86-00238b1c35d8} - "F:\AutoRun.exe"
MountPoints2: {e796bb4d-95e6-11e2-be7a-00238b1c35d8} - "F:\AutoRun.exe"
MountPoints2: {e796bb82-95e6-11e2-be7a-00238b1c35d8} - "F:\AutoRun.exe"
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [StartDGSnetd] - C:\Program Files (x86)\DGS\dgsnetd.exe [453120 2011-04-04] ()
HKLM-x32\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [781824 2008-09-11] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1190920 2009-08-24] (Dritek System Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WinampAgent] - D:\Programme\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> D:\Program Files (x86)\openoffice\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default
FF user.js: detected! => C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "proxy.t-online.de"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "proxy.t-online.de"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "proxy.t-online.de"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "www-proxy.t-online.de"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "www-proxy.t-online.de"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "www-proxy.t-online.de"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\searchplugins\icqplugin.xml
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: TinEye Reverse Image Search - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\tineye@ideeinc.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DownloadHelper - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(147)
FF Extension: Adblock Plus - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(148)
FF Extension: OneClickDownload - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\OneClickDownload@OneClickDownload.com.xpi
FF Extension: uriloader - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\uriloader@pdf.js.xpi
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\55a9c4dq.default\Extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 DGSnetd; C:\Program Files (x86)\DGS\dgsnetd.exe [453120 2011-04-04] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
R2 HPSLPSVC; C:\Users\Jenny\AppData\Local\Temp\7zS1C85\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 TomTomHOMEService; D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92632 2012-12-05] (TomTom)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-08-19] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-08-19] (Acer, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
S3 SmbDrvIntel; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
S3 winbondcir; C:\Windows\system32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S1 DritekPortIO; \??\C:\Program Files (x86)\Launch Manager\DPortIO.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 10:18 - 2013-08-12 10:18 - 00000000 ____D C:\FRST
2013-08-12 10:15 - 2013-08-12 10:15 - 01575246 _____ (Farbar) C:\Users\Jenny\Desktop\FRST64.exe
2013-08-11 21:51 - 2013-08-11 21:51 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-11 21:51 - 2013-08-11 21:51 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Malwarebytes
2013-08-11 21:51 - 2013-08-11 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 21:51 - 2013-08-11 21:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-11 21:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-11 16:47 - 2013-08-11 16:47 - 04960391 _____ C:\Users\Jenny\Desktop\I know.zip
2013-08-10 14:34 - 2013-08-09 22:12 - 00000000 ____D C:\Users\Jenny\Desktop\18-07 number one
2013-08-06 18:02 - 2013-08-06 18:03 - 05602912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 09:15 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-06 09:15 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 21:50 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-08-05 21:50 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-05 21:50 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-05 21:50 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-08-05 21:50 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-05 21:50 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-08-05 21:50 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-08-05 21:50 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-05 21:50 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-08-05 21:50 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-08-05 21:50 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-05 21:50 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-08-05 21:50 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-08-05 21:50 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-08-05 21:50 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-08-05 21:50 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-08-05 21:50 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-08-05 21:50 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-05 21:50 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-05 21:50 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-08-05 21:50 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-08-05 21:50 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-08-05 21:50 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-08-05 21:50 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-08-05 21:50 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-08-05 21:50 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-08-05 21:50 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-08-05 21:50 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-08-05 21:50 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-08-05 21:50 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-08-05 21:50 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-08-05 21:50 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-08-05 21:50 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-08-05 21:50 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-08-05 21:50 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-08-05 21:49 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-05 21:49 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-05 21:49 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-05 21:49 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-05 21:49 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-05 21:49 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-05 21:49 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-05 21:49 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-05 21:49 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-05 21:49 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-05 21:49 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-05 21:49 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-05 21:49 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-05 21:49 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-05 21:49 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-05 21:49 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-05 21:49 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-05 21:49 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-05 21:49 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-05 21:49 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-05 21:49 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-05 21:49 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-05 21:48 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-05 21:48 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-18 22:10 - 2013-07-18 22:10 - 00000000 ____D C:\ProgramData\APN
2013-07-18 22:10 - 2013-06-06 22:41 - 00489392 _____ (Ask Partner Network) C:\Users\Jenny\Documents\APNSetup.exe
==================== One Month Modified Files and Folders =======
2013-08-12 10:19 - 2013-08-12 10:19 - 00032968 _____ C:\Users\Jenny\Desktop\Addition.txt
2013-08-12 10:18 - 2013-08-12 10:18 - 00000000 ____D C:\FRST
2013-08-12 10:15 - 2013-08-12 10:15 - 01575246 _____ (Farbar) C:\Users\Jenny\Desktop\FRST64.exe
2013-08-12 10:05 - 2013-02-07 12:18 - 01094650 _____ C:\Windows\WindowsUpdate.log
2013-08-12 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-12 09:52 - 2013-02-07 21:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 09:48 - 2013-02-07 16:07 - 00000000 ____D C:\Users\Jenny\AppData\Local\Windows Live
2013-08-11 22:31 - 2013-05-01 09:52 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Skype
2013-08-11 21:51 - 2013-08-11 21:51 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-11 21:51 - 2013-08-11 21:51 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Malwarebytes
2013-08-11 21:51 - 2013-08-11 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-11 21:51 - 2013-08-11 21:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-11 19:45 - 2013-02-07 13:47 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Spotify
2013-08-11 16:47 - 2013-08-11 16:47 - 04960391 _____ C:\Users\Jenny\Desktop\I know.zip
2013-08-11 16:30 - 2013-02-07 14:10 - 00000000 ____D C:\Users\Jenny\AppData\Local\Adobe
2013-08-10 14:39 - 2013-02-23 21:35 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\vlc
2013-08-09 22:42 - 2012-07-26 12:27 - 00754172 _____ C:\Windows\system32\perfh007.dat
2013-08-09 22:42 - 2012-07-26 12:27 - 00156362 _____ C:\Windows\system32\perfc007.dat
2013-08-09 22:42 - 2012-07-26 09:28 - 01748838 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 22:35 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 22:12 - 2013-08-10 14:34 - 00000000 ____D C:\Users\Jenny\Desktop\18-07 number one
2013-08-07 14:44 - 2013-02-07 21:24 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-07 14:43 - 2013-02-13 14:31 - 00000000 ____D C:\Users\Jenny\Desktop\aufräumen
2013-08-07 13:16 - 2013-02-11 00:52 - 00000132 _____ C:\Users\Jenny\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-08-07 11:55 - 2013-02-07 13:48 - 00000000 ____D C:\Users\Jenny\AppData\Local\Spotify
2013-08-07 10:50 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-06 18:03 - 2013-08-06 18:02 - 05602912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 09:12 - 2013-04-03 19:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 09:12 - 2013-04-03 19:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 09:12 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-08-06 09:10 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-06 09:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-05 21:58 - 2013-02-09 18:31 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-04 21:45 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-07-20 10:47 - 2012-07-26 09:21 - 00045936 _____ C:\Windows\setupact.log
2013-07-18 23:38 - 2013-05-10 15:19 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-18 22:10 - 2013-07-18 22:10 - 00000000 ____D C:\ProgramData\APN
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-10 13:13
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by Jenny at 2013-08-12 10:22:23
Running from C:\Users\Jenny\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
[translation missing: EVERemoveOnly] (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer Crystal Eye Webcam (x32 Version: 5.2.7.1)
Acer Crystal Eye Webcam 2.0.8 (x32 Version: 2.0.8)
Acer eAudio Management (x32 Version: 3.0.3009)
Acer Empowering Technology (x32 Version: 3.0.3010)
Acer eSettings Management (x32 Version: 3.0.3007)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.5)
Adobe AIR (x32 Version: 3.5.0.1060)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
ASGvis Material Studio (x32 Version: 1.00.0000)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
bl (x32 Version: 1.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Flamingo 1.1 (x32 Version: 1.1 Release 20051111)
Flamingo 1.1 for Rhino 4.0 (x32 Version: 1.1.4 Release 2007-01-16)
Fotogalerie (x32 Version: 16.4.3505.0912)
Intel PROSet Wireless
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284)
Intel(R) Rapid Storage Technology (x32 Version: 11.7.0.1013)
Intel® PROSet/Wireless WiFi-Software (Version: 15.02.0000.1258)
IrfanView (remove only) (x32 Version: 4.35)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Launch Manager (x32 Version: 3.0.03)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.0.161.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC80 Support DLLs (x32 Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
No23 Recorder (x32 Version: 2.1.0.3)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Pandora Service (x32)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Photo Gallery (x32 Version: 16.4.3505.0912)
Ramsete III (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6690)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30102)
Rhino RDK (x32)
Rhinoceros 3.0 (x32 Version: 3.0 Release)
Rhinoceros 4.0 (x32 Version: 4.0.20206)
Rhinoceros 4.0 SR3 (x32 Version: 4.0.30222)
Rhinoceros 4.0 SR4 (x32 Version: 4.0.30807)
Rhinoceros 4.0 SR4b (x32 Version: 4.0.30827)
RocketDock 1.3.5 (x32)
Roll (x32)
R-Studio 6.1 (x32 Version: 6.1.152035)
Skype™ 6.5 (x32 Version: 6.5.158)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Streaming Audio Recorder V2.7.3 (x32 Version: 2.7.3)
Surf & E-Mail-Stick (x32 Version: 16.001.06.02.35)
Synaptics Pointing Device Driver (Version: 16.2.10.12)
The KMPlayer (remove only) (x32 Version: 3.6.0.87)
Tomb Raider - The Last Revelation (x32)
TomTom HOME (x32 Version: 2.9.3)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
T-Splines for Rhino (x32 Version: 1.2)
Tyre (x32 Version: 6.1.3.7)
verEasy 4.5.0 (Version: 4.5.0.0)
VLC media player 2.0.5 (Version: 2.0.5)
V-Ray for Rhinoceros (x32 Version: 01.01.71)
Wacom (Version: 5.3.2-1)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
YP-U1 (x32 Version: )
Zoo Tycoon 2 - Marine Mania (x32 Version: 1.00.0000)
==================== Restore Points =========================
16-07-2013 10:02:08 Geplanter Prüfpunkt
05-08-2013 11:04:34 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2012-07-26 07:26 - 2013-02-10 17:49 - 00000915 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1C9EAC4B-EAE1-486A-A0FB-9E7226281AB4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5D3FE9CA-BA06-4718-BC76-CBD688750A4F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {83A01C76-A00C-4130-8598-8685AD268279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-07] (Adobe Systems Incorporated)
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {89FE7760-F48E-4260-BE7D-DD72B4A318AC} - System32\Tasks\AdobeAAMUpdater-1.0-Kessy-Jenny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {900F542F-3B53-4BB8-A5F4-56CA872C68F8} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9E6239E3-F56E-4DEE-990E-4792D0756066} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-10-12] (Microsoft Corporation)
Task: {A217E13F-AC6E-47A7-AC3B-41BE6C1E002E} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2013-03-21] (Easeware)
Task: {A282C9AF-DC8F-4842-AF84-B64E320487B3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C394EC3D-BF97-4EF0-9415-D81A6ED47D17} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-10-12] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C8D15A41-E6E0-4D57-B454-80173F69688D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E0B920FE-8AC0-4355-BA8E-26BCD0B8C276} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {E248222A-CF89-4C56-9B59-A5D552E630A1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1066593655-757596564-631574098-1001
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {E9898BE8-0421-4529-B45A-0B5EBE683773} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-10-12] (Microsoft)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
==================== Faulty Device Manager Devices =============
Name: Winbond CIR Transceiver
Description: Winbond CIR Transceiver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Winbond Electronics Corporation
Service: winbondcir
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/12/2013 00:00:33 AM) (Source: Winlogon) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error: (08/11/2013 10:31:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1760
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5
Error: (08/11/2013 09:49:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (08/11/2013 09:49:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (08/11/2013 09:49:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (08/11/2013 09:49:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (08/11/2013 09:49:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (08/10/2013 04:19:28 PM) (Source: Winlogon) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error: (08/10/2013 00:54:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LiveComm.exe, Version: 16.4.4406.1205, Zeitstempel: 0x50bfdb8c
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098826e
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000740c4
ID des fehlerhaften Prozesses: 0x1108
Startzeit der fehlerhaften Anwendung: 0xLiveComm.exe0
Pfad der fehlerhaften Anwendung: LiveComm.exe1
Pfad des fehlerhaften Moduls: LiveComm.exe2
Berichtskennung: LiveComm.exe3
Vollständiger Name des fehlerhaften Pakets: LiveComm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LiveComm.exe5
Error: (08/09/2013 09:17:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LiveComm.exe, Version: 16.4.4406.1205, Zeitstempel: 0x50bfdb8c
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098826e
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000740c4
ID des fehlerhaften Prozesses: 0x2b74
Startzeit der fehlerhaften Anwendung: 0xLiveComm.exe0
Pfad der fehlerhaften Anwendung: LiveComm.exe1
Pfad des fehlerhaften Moduls: LiveComm.exe2
Berichtskennung: LiveComm.exe3
Vollständiger Name des fehlerhaften Pakets: LiveComm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LiveComm.exe5
System errors:
=============
Error: (08/11/2013 08:22:13 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (08/11/2013 06:41:02 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (08/11/2013 05:12:03 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/10/2013 03:14:02 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (08/10/2013 02:42:01 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (08/09/2013 10:36:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hardlock" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (08/09/2013 10:35:55 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 09.08.2013 um 22:33:29 unerwartet heruntergefahren.
Error: (08/09/2013 09:39:06 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (08/09/2013 03:12:29 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (08/09/2013 02:23:29 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Microsoft Office Sessions:
=========================
Error: (08/12/2013 00:00:33 AM) (Source: Winlogon)(User: )
Description:
Error: (08/11/2013 10:31:01 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668176001ce96d10af4be72C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllef71bff8-02c4-11e3-bea6-00238b1c35d8
Error: (08/11/2013 09:49:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jenny\Desktop\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe
Error: (08/11/2013 09:49:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jenny\Desktop\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe
Error: (08/11/2013 09:49:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jenny\Desktop\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe
Error: (08/11/2013 09:49:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jenny\Desktop\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe
Error: (08/11/2013 09:49:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jenny\Desktop\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe
Error: (08/10/2013 04:19:28 PM) (Source: Winlogon)(User: )
Description:
Error: (08/10/2013 00:54:46 PM) (Source: Application Error)(User: )
Description: LiveComm.exe16.4.4406.120550bfdb8cMSVCR110.dll11.0.51106.15098826ec000040900000000000740c4110801ce954c1b0c3175C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exeC:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.51106.1_x64__8wekyb3d8bbwe\MSVCR110.dll44ee2e35-01ab-11e3-bea6-00238b1c35d8microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
Error: (08/09/2013 09:17:57 AM) (Source: Application Error)(User: )
Description: LiveComm.exe16.4.4406.120550bfdb8cMSVCR110.dll11.0.51106.15098826ec000040900000000000740c42b7401ce947f19b61187C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exeC:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.51106.1_x64__8wekyb3d8bbwe\MSVCR110.dlld09daeb5-00c3-11e3-bea5-00238b1c35d8microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
CodeIntegrity Errors:
===================================
Date: 2013-08-11 16:30:59.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-10 13:14:22.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-09 22:38:52.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-09 22:36:18.490
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-09 20:40:08.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-08 21:20:08.299
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-07 20:32:17.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-06 21:36:43.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-06 18:03:44.488
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-06 09:15:06.222
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 4090.86 MB
Available physical RAM: 2159.93 MB
Total Pagefile: 7034.86 MB
Available Pagefile: 4842.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:52.69 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:7.33 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 722C67E8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)
==================== End Of Log ============================
and the GMER scan Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-12 10:53:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 ST9320320AS rev.0303 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jenny\AppData\Local\Temp\fgtoqpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\WLANExt.exe[1348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Windows\system32\WLANExt.exe[1348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Windows\system32\WLANExt.exe[1348] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\WLANExt.exe[1348] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\WLANExt.exe[1348] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007feca561b32 4 bytes [56, CA, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1952] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007feca561b3a 4 bytes [56, CA, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1860] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1860] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1860] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1860] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1860] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2672] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Windows\System32\dwm.exe[3928] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Windows\System32\dwm.exe[3928] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[48] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[48] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[48] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Windows\Explorer.EXE[5960] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Windows\Explorer.EXE[5960] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[5648] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[5648] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[636] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[636] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[636] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5728] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5728] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5728] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007feca561b32 4 bytes [56, CA, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007feca561b3a 4 bytes [56, CA, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[900] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed1f81532 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed1f8153a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed1f8165a 4 bytes [F8, D1, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007feca561b32 4 bytes [56, CA, FE, 07]
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4396] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007feca561b3a 4 bytes [56, CA, FE, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2980] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2980] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4228] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fed819177a 4 bytes [19, D8, FE, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4228] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fed8191782 4 bytes [19, D8, FE, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [3264:4492] fffff960007215e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1407009582
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ddee37
---- EOF - GMER 2.1 ----
I skipped the defogger section. Is that OK, or should I still do it?
Many thanks, Linya