Firefox wird nicht richtig dargestellt !
Hallo!!
Mein Firefox funktionitert nicht mehr richtig!!
Zum Beispiel sind die 3 Icons oben links ganz anders dargestellt wie bei anderen Programmen.
Außerdem geht die Google Suche nicht, sodass ich auf andere Seiten verlinkt werde.
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:19 on 12/01/2015 (Beba)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Beba (administrator) on BEBA-PC on 12-01-2015 16:21:26
Running from C:\Users\Beba\Downloads
Loaded Profiles: Beba & Gast (Available profiles: Beba & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\Beba\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dropbox, Inc.) C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Beba\Downloads\Defogger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-10-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2898263896-181445029-135052198-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Beba\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2898263896-181445029-135052198-1000\...\Run: [GoogleChromeAutoLaunch_D3EED3F9C51F42E522E349101962AC6D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Beba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2898263896-181445029-135052198-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2898263896-181445029-135052198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=523482&fr=spigot-yhp-ie
HKU\S-1-5-21-2898263896-181445029-135052198-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2898263896-181445029-135052198-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKU\S-1-5-21-2898263896-181445029-135052198-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {014E5DA1-9181-4C26-A525-51365F560AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014E5DA1-9181-4C26-A525-51365F560AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {014E5DA1-9181-4C26-A525-51365F560AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> DefaultScope {F3748DD3-71BF-40E1-849F-301C96B5D78B} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> {014E5DA1-9181-4C26-A525-51365F560AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> {04F8C74D-903E-47B6-95EE-7E547BD1582A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> {435DA03D-E58F-4C00-A435-366BE6C61702} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> {79929177-464B-404E-898E-3550A2F3C97E} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> {EF564D54-5DD7-4D64-B8BA-C3C3C38F9DBD} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> {F3748DD3-71BF-40E1-849F-301C96B5D78B} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2898263896-181445029-135052198-501 -> DefaultScope {014E5DA1-9181-4C26-A525-51365F560AE5} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKU\S-1-5-21-2898263896-181445029-135052198-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default
FF Homepage: https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ff
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF SearchPlugin: C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default\searchplugins\yahoo_ff.xml
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-22]
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [Not Found]
FF Extension: No Name - C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default\extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - C:\Users\Beba\AppData\Roaming\Mozilla\Firefox\Profiles\91c4a8kz.default\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Beba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Beba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Beba\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\Beba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 16:21 - 2015-01-12 16:22 - 00023487 _____ () C:\Users\Beba\Downloads\FRST.txt
2015-01-12 16:20 - 2015-01-12 16:20 - 02124288 _____ (Farbar) C:\Users\Beba\Downloads\FRST64.exe
2015-01-12 16:19 - 2015-01-12 16:19 - 00000470 _____ () C:\Users\Beba\Downloads\defogger_disable.log
2015-01-12 16:17 - 2015-01-12 16:17 - 00050477 _____ () C:\Users\Beba\Downloads\Defogger.exe
2015-01-12 16:16 - 2015-01-12 16:17 - 181892299 _____ () C:\Users\Beba\Desktop\Die Mitose.mp4
2015-01-09 22:16 - 2015-01-09 22:16 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2898263896-181445029-135052198-1000
2015-01-04 22:04 - 2015-01-04 22:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 00:37 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-04 00:37 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-04 00:20 - 2015-01-04 00:20 - 00376782 _____ () C:\Users\Beba\Downloads\FRITZ.Box 6360 Cable 85.06.20_04.01.15_0020.export
2015-01-04 00:19 - 2015-01-04 00:19 - 00376782 _____ () C:\Users\Beba\Downloads\FRITZ.Box 6360 Cable 85.06.20_04.01.15_0019.export
2015-01-04 00:19 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-04 00:19 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-04 00:19 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-04 00:19 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-04 00:19 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-04 00:19 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-04 00:19 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-04 00:19 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-04 00:19 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-04 00:19 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-19 12:55 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-19 12:55 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-19 12:55 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-19 12:55 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-19 12:55 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-19 12:55 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-19 12:55 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-19 12:55 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-19 12:55 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-19 12:55 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-19 12:55 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-19 12:55 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-19 12:55 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-19 12:55 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-19 12:55 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-19 12:55 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-19 12:55 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-19 12:55 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-19 12:55 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-19 12:55 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-19 12:55 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-19 12:55 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-19 12:55 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-19 12:55 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-19 12:55 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-19 12:55 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-19 12:55 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-19 12:55 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-19 12:55 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-19 12:55 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-19 12:55 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-19 12:55 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-19 12:55 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-19 12:55 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-19 12:55 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-19 12:55 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-19 12:55 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-19 12:55 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-19 12:55 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-19 12:55 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-19 12:55 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-19 12:55 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-19 12:55 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-19 12:55 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-19 12:55 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-19 12:55 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-19 12:55 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-19 12:55 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-19 12:55 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-19 12:55 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-19 12:55 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-19 12:55 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-19 12:55 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-19 12:55 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-19 12:55 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-19 12:55 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-19 12:55 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-19 12:55 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-19 12:55 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-19 12:55 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-19 12:55 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-19 12:55 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-19 12:55 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 12:55 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-19 12:55 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-19 12:55 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-19 12:55 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-19 12:54 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-19 12:54 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-19 12:54 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-19 12:54 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-19 12:54 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-19 12:54 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-19 12:54 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-19 12:54 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-19 12:54 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-19 12:54 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-19 12:54 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-19 12:54 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-19 12:42 - 2015-01-09 17:13 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2898263896-181445029-135052198-1000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 16:21 - 2013-10-20 12:33 - 00000000 ____D () C:\FRST
2015-01-12 16:20 - 2014-11-29 11:36 - 00004984 _____ () C:\Windows\setupact.log
2015-01-12 16:16 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 16:16 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 16:12 - 2010-03-19 00:57 - 01918054 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 16:04 - 2014-12-05 06:27 - 00000000 ____D () C:\Users\Beba\AppData\Roaming\FileAdvisor
2015-01-12 16:01 - 2011-12-29 19:28 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 22:17 - 2014-11-29 15:55 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2015-01-07 23:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-06 04:36 - 2011-12-30 18:46 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 22:13 - 2014-11-29 09:01 - 00000000 ____D () C:\Users\Beba\AppData\Local\AviraSpeedup
2015-01-04 22:13 - 2011-12-29 18:53 - 00100312 _____ () C:\Users\Beba\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 22:12 - 2014-11-25 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-04 22:11 - 2014-12-05 06:26 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2898263896-181445029-135052198-1000
2015-01-04 22:11 - 2014-11-25 07:57 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-01-04 22:11 - 2014-08-28 17:13 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2898263896-181445029-135052198-1000
2015-01-04 22:09 - 2013-02-09 22:16 - 00000000 ___RD () C:\Users\Beba\Dropbox
2015-01-04 22:09 - 2013-02-09 22:12 - 00000000 ____D () C:\Users\Beba\AppData\Roaming\Dropbox
2015-01-04 22:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 22:05 - 2014-11-29 11:55 - 00005006 _____ () C:\Windows\PFRO.log
2015-01-04 22:05 - 2014-05-19 17:14 - 00000000 ____D () C:\Program Files (x86)\epson
2015-01-04 22:04 - 2014-11-29 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2015-01-04 22:04 - 2014-05-21 17:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-04 22:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-04 22:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 00:31 - 2009-11-13 16:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-04 00:29 - 2013-08-15 17:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-04 00:22 - 2012-02-18 14:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-04 00:16 - 2013-02-09 22:13 - 00000000 ____D () C:\Users\Beba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 13:11 - 2013-07-26 19:16 - 00023040 ___SH () C:\Users\Beba\Thumbs.db
2014-12-19 13:10 - 2014-11-29 14:04 - 00000000 ____D () C:\Users\Beba\Desktop\Umgewandelte Mukke
2014-12-19 12:43 - 2014-08-25 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-19 12:43 - 2013-08-13 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 12:43 - 2013-08-13 22:42 - 00000000 ____D () C:\Program Files (x86)\Avira
Some content of TEMP:
====================
C:\Users\Beba\AppData\Local\Temp\avgnt.exe
C:\Users\Beba\AppData\Local\Temp\AviraSetup375619.exe
C:\Users\Beba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv16dl8.dll
C:\Users\Beba\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Beba\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Beba\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Beba\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Beba\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Beba\AppData\Local\Temp\System.Data.SQLite54d7d57b-9dfb-4d85-87f0-6a3071aec04f.dll
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-07 23:14
==================== End Of Log ============================
FRST Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by Beba at 2015-01-12 16:22:53
Running from C:\Users\Beba\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0804.2223.38385 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2898263896-181445029-135052198-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )
Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3402 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898263896-181445029-135052198-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
29-11-2014 11:45:22 Konfiguriert MediaSmart DVD
29-11-2014 12:17:36 Konfiguriert MediaSmart DVD
05-12-2014 06:36:37 Windows Update
19-12-2014 12:48:57 Windows Update
04-01-2015 00:15:57 Windows Update
04-01-2015 22:02:46 Windows Update
04-01-2015 22:11:54 Avira System Speedup 1.5
09-01-2015 22:27:54 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {069A02DA-D441-4E53-B3E8-56B239E7718A} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {19FB9FEA-0BC6-49AC-BBF4-E265B4F4A859} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {1ABFB929-3F90-483C-BEA6-348D13BB17BF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.)
Task: {1B092E9F-4445-47D6-910E-1A68BF5D97C2} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor)
Task: {2545F82D-F092-44B8-A10B-957F2F68E210} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {2D75011E-5883-473A-A755-AA9B8D2D212F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {30E717DE-7D3F-4BBA-A62B-88CE8F1A00AB} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {388197EE-DB7F-4408-9EE0-36AD491D2C0B} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {49713B71-6897-480E-8300-153645C01D58} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {584D529B-ED72-44DB-B97E-25600FFA1420} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {61BC5D4F-7461-4D45-9627-EFC6C501F5FD} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: {63A0F884-7617-4270-B03A-128757717598} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {6B3EE1CB-4F9B-4040-B71D-1E633DE72E09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {94CF87C1-9A9F-47B7-B745-2F01C939EE95} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {AC8788DF-CE15-4EA1-AEE3-DD859B60F2C1} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {C5C444F2-6184-4266-A016-288CC9EA8204} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {CDE7E074-5F5F-4275-B066-A10F8A4B8EFA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2898263896-181445029-135052198-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {D6BC9CAE-767A-48F5-B0AD-4E72C01DF9B2} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {D6F513CA-8DE7-4303-A657-3ADE55D9CA62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB9EF4BA-9968-4349-AB9D-707320E64E02} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG)
Task: {DF055E9D-24C5-4A35-9C30-08FC1507D17E} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2014-02-24] ( )
Task: {FEDAC00A-EBA3-4943-931C-889BFADC10A3} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-24 11:47 - 2014-07-24 11:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-24 14:06 - 2014-07-24 14:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-11-13 17:47 - 2009-07-06 20:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-01-29 15:17 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Beba\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-08-29 01:23 - 2013-08-29 01:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-10-02 15:46 - 2009-10-02 15:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-19 00:55 - 2010-03-19 00:55 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2015-01-12 16:17 - 2015-01-12 16:17 - 00050477 _____ () C:\Users\Beba\Downloads\Defogger.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 20:26 - 2014-10-22 20:26 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Beba\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-04 22:08 - 2015-01-04 22:08 - 00043008 _____ () c:\users\beba\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv16dl8.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Beba\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Beba\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Beba\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-19 13:03 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 13:03 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 13:03 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 13:03 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-19 13:03 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Beba\Desktop\Everythings Right.wav:com.dropbox.attributes
AlternateDataStreams: C:\Users\Beba\Desktop\Hope.wav:com.dropbox.attributes
AlternateDataStreams: C:\Users\Beba\Desktop\Optimus Prime.wav:com.dropbox.attributes
AlternateDataStreams: C:\Users\Beba\Desktop\You never know.wav:com.dropbox.attributes
AlternateDataStreams: C:\Users\Gast\Desktop\Absorbtion des Chlorophylls.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\Absorbtion des Chlorophylls.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\Absorbtionsspektrum.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\Absorbtionsspektrum.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\biene überträgt pollen.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\biene überträgt pollen.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\biene.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\biene.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\bio.jpeg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\bio.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\blüte mit pollen.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\blüte mit pollen.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\fruchtbildung.jpeg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\fruchtbildung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\kirsche entwickelt sich.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\kirsche entwickelt sich.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\kirsche.jpeg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\kirsche.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\kirscheblüte p.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\kirscheblüte p.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\kirscheblüte 1.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\kirscheblüte 1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\stempel.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\stempel.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\verblüte blüte.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\verblüte blüte.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\voll entwickelte kirschfrucht ohne Beschriftung.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\voll entwickelte kirschfrucht ohne Beschriftung.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\voll entwickelte kirschfrucht.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\voll entwickelte kirschfrucht.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gast\Desktop\Wirkungsspektrum.jpg:�3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gast\Desktop\Wirkungsspektrum.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-2898263896-181445029-135052198-500 - Administrator - Disabled)
Beba (S-1-5-21-2898263896-181445029-135052198-1000 - Administrator - Enabled) => C:\Users\Beba
Gast (S-1-5-21-2898263896-181445029-135052198-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2898263896-181445029-135052198-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/10/2015 05:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12667
Error: (01/10/2015 05:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12667
Error: (01/10/2015 05:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/10/2015 05:18:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11528
Error: (01/10/2015 05:18:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11528
Error: (01/10/2015 05:18:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/10/2015 05:18:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10483
Error: (01/10/2015 05:18:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10483
Error: (01/10/2015 05:18:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/10/2015 05:18:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9454
System errors:
=============
Error: (01/09/2015 10:16:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.36
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/08/2015 09:39:46 PM) (Source: atikmdag) (EventID: 19461) (User: )
Description: CPLIB :: Command – Failed to set protection
Error: (01/04/2015 10:11:44 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/04/2015 10:06:03 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/04/2015 00:33:47 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (11/29/2014 00:59:33 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (11/29/2014 00:57:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {16D99191-6280-4B33-A2F5-04805A0FC582}
Error: (11/29/2014 00:46:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {2692A9D5-61DF-46D5-A5A1-A6CCA921D578}
Error: (11/29/2014 00:02:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (11/29/2014 11:56:17 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD Turion(tm) II Dual-Core Mobile M520
Percentage of memory in use: 45%
Total physical RAM: 4092.2 MB
Available physical RAM: 2244.52 MB
Total Pagefile: 8182.58 MB
Available Pagefile: 5160.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-12 16:43:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5056GSY rev.LH003C 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Beba\AppData\Local\Temp\kxldqpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dbe000 27 bytes [BA, F4, FF, 48, 8B, C1, 48, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 556 fffff80002dbe01c 18 bytes {OR AL, 0x48; MOV EDX, EAX; MOV RCX, RSI; CALL 0x8354}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000076bf5939 5 bytes JMP 0000000100440980
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\kernel32.dll!FindResourceA 0000000076c0e98b 5 bytes JMP 0000000100440930
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\user32.DLL!LoadStringW 0000000074d28eb9 5 bytes JMP 0000000100440fd0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\user32.DLL!LoadStringA 0000000074d2db21 5 bytes JMP 0000000100441110
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\user32.DLL!LoadMenuW 0000000074d34391 5 bytes JMP 0000000100440b40
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\user32.DLL!LoadMenuA 0000000074d44eef 5 bytes JMP 0000000100440ad0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\user32.DLL!CreateDialogParamA 0000000074d45246 5 bytes JMP 00000001004409d0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\user32.DLL!CreateDialogParamW 0000000074d510dc 5 bytes JMP 0000000100440a50
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[6040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075841465 2 bytes [84, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[6040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758414bb 2 bytes [84, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 000000005e4f0000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005e1f0000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956](2014-10-22 00:22:50) 000000006bc30000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005de00000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004140000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
Library c:\users\beba\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv16dl8.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956](2015-01-04 21:08:20) 0000000003a00000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000657e0000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005c100000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 00000000628c0000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005b9d0000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000006c060000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956](2014-10-22 00:22:50) 000000006c050000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 000000006b6c0000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006b680000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006b340000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956](2014-10-22 00:22:48) 0000000061a80000
Library C:\Users\Beba\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Beba\AppData\Roaming\Dropbox\bin\Dropbox.exe [3956](2014-10-22 00:22:46) 0000000061800000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
