Easy Speed PC and VuuPC

Hello,
while installing the Google Chrome browser, 2 pests also settled in on the PC.
VuuPC
Easy Speed PC
The 1st was removed with AdwCleaner and Malwarebytes Anti-Malware, following instructions from the internet.
The 2nd is still clearly visible in the software list.
The GMER scan produced several error messages.
"C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen prozess verwendet wird."
"C:\Users\*****\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen prozess verwendet wird."
Both messages also appear when scanning in Safe Mode.
Here are the logs:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by **** (administrator) on SCHATTENFELL on 28-07-2014 17:13:22
Running from C:\Users\****\Desktop
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Probit Software LTD) C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe
(Probit Software LTD) C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1641648 2014-06-17] (Bitdefender)
HKU\S-1-5-21-3244183677-1939876774-2963879272-1001\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe [148272 2013-03-18] (Probit Software LTD)
HKU\S-1-5-21-3244183677-1939876774-2963879272-1001\...\Run: [EasySpeedCheck] => C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe [194200 2014-05-12] (Probit Software LTD)
HKU\S-1-5-21-3244183677-1939876774-2963879272-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [881032 2014-06-18] (Bitdefender)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:14172;https=127.0.0.1:14172
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB6EC0DE66AACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.214 80.69.100.110
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-28]
FF HKCU\...\Firefox\Extensions: [{CE7F9FB7-CB37-E178-D9A8-28F502937EEA}] - C:\Program Files (x86)\ver6Re-Markable\175.xpi
Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-28]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-07-28]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-28]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-28]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-28]
CHR Extension: (Bitdefender Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-07-28]
CHR Extension: (AdBlock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\niimplkdaapagimjmmcdmbjlcdddfcgj [2014-07-28]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-28]
CHR Extension: (Block Alert Popups) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjjanaennfbgpccfpbghnmblpdblbef [2014-07-28]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-06-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1512392 2014-06-13] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 17:13 - 2014-07-28 17:13 - 00009633 _____ () C:\Users\****\Desktop\FRST.txt
2014-07-28 17:13 - 2014-07-28 17:13 - 00000000 ____D () C:\FRST
2014-07-28 17:12 - 2014-07-28 17:12 - 00000476 _____ () C:\Users\****\Desktop\defogger_disable.log
2014-07-28 17:12 - 2014-07-28 17:12 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-07-28 17:10 - 2014-07-28 17:10 - 02093568 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-07-28 17:10 - 2014-07-28 17:10 - 00380416 _____ () C:\Users\****\Desktop\Gmer-19357.exe
2014-07-28 17:09 - 2014-07-28 17:09 - 00050477 _____ () C:\Users\****\Desktop\Defogger.exe
2014-07-28 17:01 - 2014-07-28 17:01 - 00000628 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 17:01 - 2014-07-28 17:01 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-07-28 17:01 - 2014-07-28 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-28 16:58 - 2014-07-28 17:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-28 16:46 - 2014-07-28 16:46 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-28 16:35 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 16:35 - 2014-07-28 16:35 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-28 16:35 - 2014-07-28 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 16:35 - 2014-07-28 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-28 16:35 - 2014-07-28 16:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 16:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 16:35 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 16:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-28 16:33 - 2014-07-28 16:33 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-28 16:33 - 2014-07-28 16:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Probit Software
2014-07-28 16:33 - 2014-07-28 16:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-28 16:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-28 16:26 - 2014-07-28 16:28 - 00000000 ____D () C:\AdwCleaner
2014-07-28 16:23 - 2014-07-28 16:23 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-28 16:23 - 2014-07-28 16:23 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-28 16:23 - 2014-07-28 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-28 16:23 - 2014-07-28 16:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-28 16:19 - 2014-07-28 16:19 - 00504643 _____ () C:\ProgramData\1406556816.bdinstall.bin
2014-07-28 16:18 - 2014-07-28 16:18 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-07-28 16:18 - 2014-07-28 16:18 - 00000385 _____ () C:\Users\****\AppData\Roaminguser_gensett.xml
2014-07-28 16:17 - 2014-07-28 16:17 - 00002217 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Plus.lnk
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____D () C:\ProgramData\BDLogging
2014-07-28 16:17 - 2013-12-02 12:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-07-28 16:17 - 2013-12-02 12:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-07-28 16:17 - 2013-11-04 16:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-07-28 16:17 - 2013-11-04 16:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-07-28 16:17 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2014-07-28 16:17 - 2013-07-17 19:31 - 00261496 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-07-28 16:17 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-07-28 16:16 - 2014-07-28 16:16 - 00000000 ____D () C:\Users\****\AppData\Roaming\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:17 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 ____D () C:\Users\****\AppData\Roaming\QuickScan
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 ____D () C:\Program Files\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2014-07-28 16:13 - 2013-11-04 16:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-07-28 16:13 - 2013-11-04 16:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-07-28 16:13 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-07-28 16:13 - 2013-08-07 13:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-07-28 16:02 - 2014-07-28 16:48 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-28 16:02 - 2014-07-28 16:28 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-28 16:02 - 2014-07-28 16:02 - 00001358 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00001323 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hilfe.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00001323 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00001308 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-07-28 16:02 - 2014-07-28 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-28 16:01 - 2014-07-28 17:11 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 16:01 - 2014-07-28 16:46 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 16:01 - 2014-07-28 16:06 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-28 16:01 - 2014-07-28 16:06 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-28 16:01 - 2014-07-28 16:02 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2014-07-28 16:01 - 2014-07-28 16:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-28 16:01 - 2014-07-28 16:01 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-28 16:00 - 2014-07-28 17:05 - 00000000 ____D () C:\Windows\Panther
2014-07-28 15:23 - 2014-07-28 17:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3244183677-1939876774-2963879272-1001
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Program Files\Intel
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Intel
2014-07-28 15:23 - 2014-05-21 00:33 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-07-28 15:23 - 2014-05-21 00:33 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-07-28 15:21 - 2014-07-28 15:21 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{88AEB5DF-1273-43CD-A505-A7A5A437D860}
2014-07-28 15:21 - 2014-07-28 15:21 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2014-07-28 15:20 - 2014-07-28 16:46 - 00000000 __RDO () C:\Users\****\OneDrive
2014-07-28 15:18 - 2014-07-28 15:19 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-07-28 15:18 - 2014-07-28 15:18 - 00001454 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-28 15:18 - 2014-07-28 15:18 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-28 15:18 - 2014-07-28 15:18 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2014-07-28 15:18 - 2014-07-28 15:18 - 00000000 ____D () C:\Users\****\AppData\Local\VirtualStore
2014-07-28 15:17 - 2014-07-28 17:12 - 00000000 ____D () C:\Users\****
2014-07-28 15:17 - 2014-07-28 15:17 - 00000020 ___SH () C:\Users\****\ntuser.ini
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Vorlagen
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Startmenü
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Lokale Einstellungen
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Eigene Dateien
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\AppData\Local\Anwendungsdaten
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Anwendungsdaten
2014-07-28 15:17 - 2014-03-18 12:32 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-28 15:17 - 2014-03-18 12:32 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 15:17 - 2014-03-18 12:12 - 00000369 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-28 15:17 - 2014-03-18 12:12 - 00000369 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-28 15:17 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-28 15:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-28 15:08 - 2014-07-28 17:06 - 00227365 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 15:08 - 2014-07-28 15:08 - 00000000 ____D () C:\Windows\CSC
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 17:13 - 2014-07-28 17:13 - 00009633 _____ () C:\Users\****\Desktop\FRST.txt
2014-07-28 17:13 - 2014-07-28 17:13 - 00000000 ____D () C:\FRST
2014-07-28 17:12 - 2014-07-28 17:12 - 00000476 _____ () C:\Users\****\Desktop\defogger_disable.log
2014-07-28 17:12 - 2014-07-28 17:12 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-07-28 17:12 - 2014-07-28 15:17 - 00000000 ____D () C:\Users\****
2014-07-28 17:11 - 2014-07-28 16:01 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 17:10 - 2014-07-28 17:10 - 02093568 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-07-28 17:10 - 2014-07-28 17:10 - 00380416 _____ () C:\Users\****\Desktop\Gmer-19357.exe
2014-07-28 17:09 - 2014-07-28 17:09 - 00050477 _____ () C:\Users\****\Desktop\Defogger.exe
2014-07-28 17:06 - 2014-07-28 15:08 - 00227365 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 17:05 - 2014-07-28 16:00 - 00000000 ____D () C:\Windows\Panther
2014-07-28 17:05 - 2014-07-28 15:23 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3244183677-1939876774-2963879272-1001
2014-07-28 17:01 - 2014-07-28 17:01 - 00000628 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 17:01 - 2014-07-28 17:01 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-07-28 17:01 - 2014-07-28 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-28 17:00 - 2014-07-28 16:58 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-28 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-28 16:50 - 2014-03-18 12:04 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 16:50 - 2014-03-18 11:25 - 00727930 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 16:50 - 2014-03-18 11:25 - 00151586 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 16:48 - 2014-07-28 16:02 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-28 16:46 - 2014-07-28 16:46 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-28 16:46 - 2014-07-28 16:01 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 16:46 - 2014-07-28 15:20 - 00000000 __RDO () C:\Users\****\OneDrive
2014-07-28 16:45 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 16:45 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-28 16:36 - 2014-07-28 16:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 16:35 - 2014-07-28 16:35 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-28 16:35 - 2014-07-28 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 16:35 - 2014-07-28 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-28 16:35 - 2014-07-28 16:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 16:33 - 2014-07-28 16:33 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-28 16:33 - 2014-07-28 16:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Probit Software
2014-07-28 16:33 - 2014-07-28 16:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-28 16:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-28 16:28 - 2014-07-28 16:26 - 00000000 ____D () C:\AdwCleaner
2014-07-28 16:28 - 2014-07-28 16:02 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-28 16:23 - 2014-07-28 16:23 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-28 16:23 - 2014-07-28 16:23 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-28 16:23 - 2014-07-28 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-28 16:23 - 2014-07-28 16:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-28 16:19 - 2014-07-28 16:19 - 00504643 _____ () C:\ProgramData\1406556816.bdinstall.bin
2014-07-28 16:18 - 2014-07-28 16:18 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-07-28 16:18 - 2014-07-28 16:18 - 00000385 _____ () C:\Users\****\AppData\Roaminguser_gensett.xml
2014-07-28 16:17 - 2014-07-28 16:17 - 00002217 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Plus.lnk
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____D () C:\ProgramData\BDLogging
2014-07-28 16:17 - 2014-07-28 16:13 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-07-28 16:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-28 16:16 - 2014-07-28 16:16 - 00000000 ____D () C:\Users\****\AppData\Roaming\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 ____D () C:\Users\****\AppData\Roaming\QuickScan
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 ____D () C:\Program Files\Bitdefender
2014-07-28 16:13 - 2014-07-28 16:13 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2014-07-28 16:06 - 2014-07-28 16:01 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-28 16:06 - 2014-07-28 16:01 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-28 16:02 - 2014-07-28 16:02 - 00001358 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00001323 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hilfe.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00001323 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00001308 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-07-28 16:02 - 2014-07-28 16:02 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-07-28 16:02 - 2014-07-28 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-28 16:02 - 2014-07-28 16:01 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2014-07-28 16:02 - 2014-07-28 16:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-28 16:01 - 2014-07-28 16:01 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-28 16:01 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-28 16:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-28 16:00 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-07-28 15:25 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Program Files\Intel
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-28 15:23 - 2014-07-28 15:23 - 00000000 ____D () C:\Intel
2014-07-28 15:21 - 2014-07-28 15:21 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{88AEB5DF-1273-43CD-A505-A7A5A437D860}
2014-07-28 15:21 - 2014-07-28 15:21 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2014-07-28 15:19 - 2014-07-28 15:18 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-07-28 15:18 - 2014-07-28 15:18 - 00001454 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-28 15:18 - 2014-07-28 15:18 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-28 15:18 - 2014-07-28 15:18 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2014-07-28 15:18 - 2014-07-28 15:18 - 00000000 ____D () C:\Users\****\AppData\Local\VirtualStore
2014-07-28 15:17 - 2014-07-28 15:17 - 00000020 ___SH () C:\Users\****\ntuser.ini
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Vorlagen
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Startmenü
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Lokale Einstellungen
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Eigene Dateien
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\AppData\Local\Anwendungsdaten
2014-07-28 15:17 - 2014-07-28 15:17 - 00000000 _SHDL () C:\Users\****\Anwendungsdaten
2014-07-28 15:08 - 2014-07-28 15:08 - 00000000 ____D () C:\Windows\CSC
2014-07-28 15:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-07-28 15:04 - 2014-07-28 15:04 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-07-28 15:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-07-28 15:04 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2014-07-28 15:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-30 13:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\ELAMBKUP
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 15:01
==================== End Of Log ============================
Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by ***** at 2014-07-28 17:14:08
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 18.11.0.872 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3244183677-1939876774-2963879272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BC32B2D-93F4-45F4-B338-9BC59A6EB744} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1F2D7BAE-62D4-4467-A97F-CD9E86C0B564} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {52E53810-4A5F-43A4-AC44-59E7780F8DA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E527372-76C8-4AA6-9B74-BEFEB6608D5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A9B946C6-71F6-4504-A414-449D3B0347DF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCE3D606-9E17-4E65-B72D-0EF3F4603DE5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECDA73F3-8CE0-4C26-BBD9-805CE4E67017} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-28 16:17 - 2014-06-06 15:11 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-28 16:17 - 2014-06-30 13:26 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-28 16:23 - 2014-07-28 16:23 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-28 16:23 - 2014-07-28 16:23 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-28 16:23 - 2014-07-28 16:23 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-28 16:23 - 2014-07-28 16:23 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2014-07-28 16:02 - 2014-01-28 12:04 - 00112142 _____ () C:\Program Files (x86)\Easy Speed Check\libgcc_s_dw2-1.dll
2014-07-28 16:02 - 2014-01-28 12:04 - 01000974 _____ () C:\Program Files (x86)\Easy Speed Check\libstdc++-6.dll
2014-07-28 16:02 - 2014-01-28 12:04 - 00279955 _____ () C:\Program Files (x86)\Easy Speed Check\libidn-11.dll
2014-07-28 16:02 - 2013-08-26 02:02 - 00131598 _____ () C:\Program Files (x86)\Easy Speed Check\zlib1.dll
2014-07-28 16:02 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-28 16:02 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-28 16:02 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-28 16:02 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-28 16:02 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\*****\OneDrive:ms-properties
AlternateDataStreams: C:\Users\*****\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\*****\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\*****\Desktop\Gmer-19357.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/28/2014 04:34:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4dbee
Name des fehlerhaften Moduls: chrome.dll, Version: 36.0.1985.125, Zeitstempel: 0x53c4d8ad
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e9d833
ID des fehlerhaften Prozesses: 0xdf4
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5
Error: (07/28/2014 04:28:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHATTENFELL)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (07/28/2014 04:28:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHATTENFELL)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (07/28/2014 04:28:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHATTENFELL)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (07/28/2014 04:02:23 PM) (Source: MsiInstaller) (EventID: 11309) (User: SCHATTENFELL)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (07/28/2014 03:18:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004E028
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
System errors:
=============
Error: (07/28/2014 04:28:36 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (07/28/2014 03:01:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet:
%%21
Error: (07/28/2014 03:01:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%1058
Error: (07/28/2014 03:00:53 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Microsoft Office Sessions:
=========================
Error: (07/28/2014 04:34:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8adc000000500e9d833df401cfaa710c2b5d44C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll4e300a92-1664-11e4-8251-f8a963236cd3
Error: (07/28/2014 04:28:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHATTENFELL)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148
Error: (07/28/2014 04:28:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHATTENFELL)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148
Error: (07/28/2014 04:28:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHATTENFELL)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148
Error: (07/28/2014 04:02:23 PM) (Source: MsiInstaller) (EventID: 11309) (User: SCHATTENFELL)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/28/2014 03:18:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004E028RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 3993.77 MB
Available physical RAM: 2561.01 MB
Total Pagefile: 5401.77 MB
Available Pagefile: 3697.86 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:160.62 GB) (Free:145.69 GB) NTFS
Drive d: (Volume) (Fixed) (Total:304.63 GB) (Free:304.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D9FA2484)
Partition: GPT Partition Type.
==================== End Of Log ============================
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-28 17:30:07
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\0000002a HGST_HTS545050A7E380 rev.GG2ZBD90 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\fgdyaaod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff80155375d00 40 bytes [C0, 52, AC, FF, 02, AC, 4E, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[956] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007fffc3fa154a 4 bytes [FA, C3, FF, 7F]
.text C:\Windows\Explorer.EXE[956] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007fffc3fa1552 4 bytes [FA, C3, FF, 7F]
.text C:\Windows\Explorer.EXE[956] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007fffc3fa162a 4 bytes [FA, C3, FF, 7F]
.text C:\Windows\Explorer.EXE[956] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007fffc3fa1642 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007fffc9a7ae40 6 bytes [48, B8, 30, 08, A0, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00007fffc9a7ae48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007fffc96dd3f9 5 bytes [B8, 30, 08, B0, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007fffc96dd3ff 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffc97f169a 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffc97f16a2 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffc97f181a 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffc97f1832 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007fffc3fa154a 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007fffc3fa1552 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007fffc3fa162a 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[1400] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007fffc3fa1642 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007fffc9a7ae40 6 bytes [48, B8, 30, 08, 9C, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00007fffc9a7ae48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007fffc96dd3f9 5 bytes [B8, 30, 08, F5, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007fffc96dd3ff 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007fffc3fa154a 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007fffc3fa1552 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007fffc3fa162a 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007fffc3fa1642 4 bytes [FA, C3, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffc97f169a 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffc97f16a2 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffc97f181a 4 bytes [7F, C9, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[1424] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffc97f1832 4 bytes [7F, C9, FF, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [396:408] fffff96000982b90
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----