Log Analysis and Evaluation: Keylogger? Password spied on!

#1
Good evening! Someone logged in to my web host with my password and messed things up. The host's support suspects a keylogger on my computer. I think that is rather unlikely, but I can rule out that someone guessed my password or spied it out (over my shoulder). So does my computer have something after all? I would be grateful for a check!

Running: Windows 8, Kaspersky Internet Security and (now and then) Spybot S&D
Other symptoms: none, except that the computer is getting increasingly slow...

FRST.txt:
```text
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
(ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by ***** (administrator) on VAIO on 09-04-2014 19:11:37
Running from C:\Users\*****\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [TuneClone] - C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38280 2012-07-17] (Mindjet)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-04-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [F.lux] - "C:\Users\*****\Local Settings\Apps\F.lux\flux.exe" /noshow
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {3f4965ee-e733-11e2-be8c-0024bebc453e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {922798df-699d-11e2-be6d-506313e0d7de} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {b09f5f90-dcd6-11e2-be87-506313e0d7de} - "F:\EasySuite .exe" bootup
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {d623b469-70a2-11e2-be6d-506313e0d7de} - "F:\EasySuite .exe" bootup
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {e7380093-64c9-11e2-be6d-506313e0d7de} - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs4 - {9F0AB6D8-E919-4EE5-866B-5B9A3449D285} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\SysWow64\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {9F0AB6D8-E919-4EE5-866B-5B9A3449D285} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D7913AA4CF7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files (x86)\AliveMedia\Text to Speech\IEToolbar.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: chrome://newtab
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-20]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-20]
CHR Extension: (Kaspersky Protection) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-20]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-01-25]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-20]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-18]
CHR Extension: (Print Using Google Cloud Print™) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg [2013-01-24]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-02-18]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-02-18]
CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-21]
CHR Extension: (Virtual Keyboard) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-02-18]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2013-01-23]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-01-23]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-01-21]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-20]
CHR Extension: (Anti-Banner) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [385216 2013-04-24] (EldoS Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-10] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-10] (Kaspersky Lab ZAO)
S3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-02-05] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-02-05] (RapidSolution Software AG)
R3 SSCBFS3; C:\Windows\System32\drivers\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 19:00 - 2014-04-09 19:11 - 00022585 _____ () C:\Users\*****\Desktop\FRST.txt
2014-04-09 19:00 - 2014-04-09 19:00 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-04-09 19:00 - 2014-04-09 19:00 - 00380416 _____ () C:\Users\*****\Desktop\3fk5ydh8.exe
2014-04-09 18:58 - 2014-04-09 18:58 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-04-09 18:57 - 2014-04-09 18:57 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-04-08 20:26 - 2014-04-09 19:11 - 00000000 ____D () C:\FRST
2014-04-08 20:24 - 2014-04-08 20:24 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-04-08 19:50 - 2014-04-09 18:39 - 00003334 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-08 19:50 - 2014-04-09 18:39 - 00003202 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-08 17:01 - 2014-04-08 19:53 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-08 17:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-08 17:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-08 17:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-22 23:12 - 2014-03-22 23:13 - 05752608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-22 21:25 - 2014-03-22 23:10 - 01572864 _____ () C:\WINDOWS\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-03-18 22:43 - 2014-03-18 22:43 - 00003605 _____ () C:\Users\*****\.ganttproject
2014-03-18 22:43 - 2014-03-18 22:43 - 00000225 _____ () C:\Users\*****\java0.log
2014-03-18 22:09 - 2014-03-18 22:43 - 00001619 _____ () C:\Users\*****\ganttproject.log
2014-03-18 22:09 - 2014-03-18 22:09 - 00000000 ____D () C:\Program Files (x86)\GanttProject-2.6
2014-03-12 23:50 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 23:50 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 23:49 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 23:49 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 23:49 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 23:49 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-03-12 23:49 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 23:49 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 23:49 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-03-12 23:49 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-12 23:49 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-12 23:49 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-03-12 23:49 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 23:49 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-12 23:49 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-12 23:48 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 23:48 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 23:48 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-03-12 23:48 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-10 13:31 - 2014-03-10 13:31 - 00001329 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk

==================== One Month Modified Files and Folders =======

2014-04-09 19:11 - 2014-04-09 19:00 - 00022585 _____ () C:\Users\*****\Desktop\FRST.txt
2014-04-09 19:11 - 2014-04-08 20:26 - 00000000 ____D () C:\FRST
2014-04-09 19:08 - 2013-01-20 23:20 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 19:00 - 2014-04-09 19:00 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-04-09 19:00 - 2014-04-09 19:00 - 00380416 _____ () C:\Users\*****\Desktop\3fk5ydh8.exe
2014-04-09 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-09 18:58 - 2014-04-09 18:58 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-04-09 18:58 - 2013-02-18 21:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-09 18:57 - 2014-04-09 18:57 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-04-09 18:45 - 2012-07-26 12:27 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-09 18:45 - 2012-07-26 12:27 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-09 18:45 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-09 18:39 - 2014-04-08 19:50 - 00003334 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-09 18:39 - 2014-04-08 19:50 - 00003202 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-09 18:39 - 2013-01-20 23:20 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 18:38 - 2013-04-09 18:26 - 00021946 _____ () C:\WINDOWS\PFRO.log
2014-04-09 18:38 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-09 18:37 - 2012-07-26 07:26 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-09 18:21 - 2013-01-22 02:34 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-09 18:18 - 2013-01-23 01:07 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-04-09 18:09 - 2013-01-20 22:25 - 00000000 ____D () C:\Users\*****
2014-04-09 17:52 - 2013-01-22 16:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-09 15:04 - 2013-01-22 15:54 - 16459776 ___SH () C:\Users\*****\Desktop\Thumbs.db
2014-04-09 14:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-04-08 20:24 - 2014-04-08 20:24 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-04-08 19:53 - 2014-04-08 17:01 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 17:08 - 2013-05-30 14:46 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-08 17:08 - 2013-05-30 14:45 - 556752336 _____ () C:\WINDOWS\MEMORY.DMP
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-08 16:57 - 2013-01-22 15:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-04-08 12:04 - 2013-02-08 00:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-04-04 09:31 - 2013-01-20 23:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-03 12:10 - 2013-09-06 23:36 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-04-03 09:51 - 2014-04-08 17:01 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 17:01 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 17:01 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-31 18:55 - 2013-01-20 22:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2014-03-29 22:03 - 2013-01-20 23:20 - 00004092 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 22:03 - 2013-01-20 23:20 - 00003856 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 17:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-26 12:14 - 2013-01-20 22:32 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2936259450-3521671367-2592787203-1001
2014-03-26 01:06 - 2013-09-25 00:41 - 00000132 _____ () C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-24 09:54 - 2013-10-17 16:47 - 00625760 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-03-24 09:54 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-03-24 09:54 - 2013-05-07 18:56 - 00065120 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2014-03-22 23:13 - 2014-03-22 23:12 - 05752608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-22 23:12 - 2013-03-29 22:23 - 02004890 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-22 23:10 - 2014-03-22 21:25 - 01572864 _____ () C:\WINDOWS\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-03-19 19:55 - 2013-07-15 22:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 19:52 - 2013-01-22 01:32 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-19 19:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-18 22:43 - 2014-03-18 22:43 - 00003605 _____ () C:\Users\*****\.ganttproject
2014-03-18 22:43 - 2014-03-18 22:43 - 00000225 _____ () C:\Users\*****\java0.log
2014-03-18 22:43 - 2014-03-18 22:09 - 00001619 _____ () C:\Users\*****\ganttproject.log
2014-03-18 22:09 - 2014-03-18 22:09 - 00000000 ____D () C:\Program Files (x86)\GanttProject-2.6
2014-03-18 21:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-03-17 11:31 - 2013-01-20 22:26 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 11:31 - 2013-01-20 22:26 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 11:29 - 2013-03-13 18:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 11:29 - 2013-03-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 11:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
```
2014-03-17 11:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-17 11:27 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-17 11:26 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-03-17 11:26 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-13 02:28 - 2013-01-21 01:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-11 20:23 - 2013-01-22 02:34 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-03-10 13:38 - 2013-10-17 16:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys 2014-03-10 13:38 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys 2014-03-10 13:38 - 2013-06-06 18:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys 2014-03-10 13:38 - 2012-07-27 19:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys 2014-03-10 13:31 - 2014-03-10 13:31 - 00001329 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk 2014-03-10 11:27 - 2013-02-18 21:38 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-10 00:33 - 2013-08-03 23:49 - 00000000 ____D () C:\My Kindle Content ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is 
legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-07 12:42 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by ***** at 2014-04-09 19:12:21 Running from C:\Users\*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 5 Design Standard (HKLM-x32\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) 
(Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.) Aiseesoft Total Video Converter 6.2.66 (HKLM-x32\...\{E09CEBAA-4435-4404-8D82-4C029F6391E4}_is1) (Version: 6.2.66 - Aiseesoft Studio) Alive Text to Speech v6.1.0.2 (HKLM-x32\...\Alive Text to Speech_is1) (Version: - AliveMedia, Inc.) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 2013 v.11.0.5 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 9 v.9.4.3 (HKLM-x32\...\Ashampoo Photo Commander 9_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. KG) Audials (HKLM-x32\...\{30819B2C-C281-4D17-B4D4-ADC7D42BDB19}) (Version: 10.1.6207.700 - Audials AG) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BoxCryptor 1.5 (HKLM-x32\...\BoxCryptor) (Version: 1.5.413.155 - Secomba GmbH) calibre 64bit (HKLM\...\{96AC0686-B9D4-4D85-A1ED-E1AA8550C15A}) (Version: 1.9.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) EBookToMP3 (HKLM-x32\...\EBookToMP3_is1) (Version: Aktuelle Version - IN MEDIA KG) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.) F.lux (HKCU\...\Flux) (Version: - ) FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Fotobuchexpress24 Bestellsoftware (HKLM-x32\...\Fotobuchexpress24) (Version: 3.1.26 - SSW Software GmbH) Fotobuchexpress24 Bestellsoftware (x32 Version: 3.1.26 - SSW Software GmbH) Hidden GanttProject (HKLM-x32\...\GanttProject) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) 
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) maxdome - Online Videothek (HKLM\...\maxdome - Online Videothek) (Version: 1.0 - maxdome GmbH und Co. KG) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 
(x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) 
Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mindjet MindManager 2012 (HKLM-x32\...\{2DD3FE18-F257-484C-8543-3793F14D999F}) (Version: 10.2.404 - Mindjet) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden NaturalReaderFree (HKLM-x32\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.) Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.31 - Stardock Software, Inc.) Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung Selbstständige 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft) Storybook4 (HKLM-x32\...\Storybook4) (Version: 4.0.9 - Intertec) SugarSync (HKLM-x32\...\SugarSync) (Version: 2.0.44.122879 - SugarSync, Inc.) 
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Timeline 0.10.2 (HKLM-x32\...\Timeline_is1) (Version: - Rickard Lindberg <ricli85@gmail.com>) TogglDesktop (HKLM-x32\...\{901ACF4B-7DDB-4DE2-A9D7-6C1DA40671EE}) (Version: 4.94.0 - Toggl) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) TTS (HKLM-x32\...\{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}) (Version: 1.0.0.0 - ZoomCommerce Co., Ltd.) TuneClone 2.20 (HKLM\...\TuneClone_is1) (Version: - TuneClone.com) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Your Software Deals (HKLM-x32\...\Your Software Deals_is1) (Version: - Ashampoo GmbH & Co. 
KG) yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software) ZDFmediathek Version 2.1.6 (HKLM\...\ZDFmediathek_is1) (Version: - ZDF) ==================== Restore Points ========================= 24-03-2014 13:51:34 Installed Evernote v. 5.2.1 04-04-2014 08:40:21 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03AEA02F-F327-44C2-A3EB-128992CAAFB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {4ADBFEAF-85BD-4B88-8CA4-873019AF1CCB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2936259450-3521671367-2592787203-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) 
Task: {7538BC4C-FF28-41D0-A5BF-6CFA719CC6DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {82CD85AB-C8AB-4ABF-AF3B-0CDFA85559C3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {85577CCA-1E43-4AD8-950D-A21AC130F708} - System32\Tasks\AdobeAAMUpdater-1.0-Vaio-***** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9BBED98F-08AA-4588-8654-CE0A17ACD722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A861DDF7-467F-4BBB-AE04-A0F2894E2CCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {B610BAEE-4DA5-4707-92D3-1B3265C4F67D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BDFBD245-FDA4-4EA7-B220-337318DC16E8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2936259450-3521671367-2592787203-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D2A91522-43A0-4C58-8827-6F2CA2D90D3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {DDC83C61-9FA3-4013-92ED-07F5A9FEC666} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-11 07:31 - 2014-01-23 01:11 - 00301920 _____ () C:\Program Files (x86)\SugarSync\x64\SugarSyncVFSNamespace64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-03-13 16:41 - 2012-12-11 14:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-06-01 11:16 - 2013-06-01 11:17 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 01380704 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-01-22 16:36 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-22 16:36 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-22 16:36 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-22 16:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-22 16:36 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-22 16:36 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-17 12:05 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\libglesv2.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\libegl.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\ffmpegsumo.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-03-14 17:50 - 2014-03-14 17:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-03-14 17:50 - 2014-03-14 17:50 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FOXCONN-T77H114-BCM2070
Description: FOXCONN-T77H114-BCM2070
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2014 08:37:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19859

System errors:
=============
Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:09:28 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a64\??\C:\Users\*****\AppData\Local\Microsoft\Windows\UsrClass.dat

Error: (04/08/2014 05:08:39 PM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x0000000000000203, 0x0000000000000002, 0x0000000000000000, 0xfffff800db8addb3)C:\WINDOWS\MEMORY.DMP

Error: (04/08/2014 05:08:39 PM) (Source: BugCheck) (User: )
Description:

Error: (04/08/2014 05:08:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 08.04.2014 um 13:22:40 unerwartet heruntergefahren.

Error: (04/08/2014 04:57:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht.

Error: (04/07/2014 01:17:50 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Microsoft Office Sessions:
=========================
Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2014 08:37:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19859

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3950.09 MB
Available physical RAM: 1640.91 MB
Total Pagefile: 7918.09 MB
Available Pagefile: 4702.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:108.46 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive g: (Elements) (Fixed) (Total:2794.52 GB) (Free:1648.9 GB) NTFS
Drive m: (My Passport) (Fixed) (Total:465.11 GB) (Free:20.67 GB) NTFS
Drive x: () (Fixed) (Total:55 GB) (Free:0.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9E7464BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465 GB) (Disk ID: 00021968)
Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================

gmer.txt
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-09 20:02:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000046 TOSHIBA_MK5055GSX rev.FG001A 465,76GB
Running: 3fk5ydh8.exe; Driver: C:\Users\*****\AppData\Local\Temp\pxloypog.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\BtwRSupportService.exe[1808] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fb5b061532 4 bytes [06, 5B, FB, 07]
.text C:\WINDOWS\system32\BtwRSupportService.exe[1808] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fb5b06153a 4 bytes [06, 5B, FB, 07]
.text C:\WINDOWS\system32\BtwRSupportService.exe[1808] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fb5b06165a 4 bytes [06, 5B, FB, 07]
.text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb5b061532 4 bytes [06, 5B, FB, 07]
.text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb5b06153a 4 bytes [06, 5B, FB, 07]
.text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb5b06165a 4 bytes [06, 5B, FB, 07]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fb6423104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007fb64231087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007fb642310dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007fb64231110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fb64231174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!memcmp + 199 000007fb64231257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 144 000007fb64231300 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fb642313d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fb64231578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fb64231725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strncmp + 181 000007fb64231805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fb64231982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007fb64231a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007fb64231dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007fb64231e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007fb64232096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007fb642325b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!__chkstk + 77 000007fb6423261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!_setjmp + 160 000007fb642326f0 16 bytes {JMP RAX}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!longjmp + 236 000007fb6423289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb64232cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fb64232e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fb64232e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb64232f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fb64233030 8 bytes {JMP QWORD [RIP-0x792]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb642336f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fb642339d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb64234251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775f15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775f15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775f17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000775f18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775f18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000775f1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000775f1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000775f195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000775f196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000775f1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2128] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb6327177a 4 bytes [27, 63, FB, 07]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2128] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb63271782 4 bytes [27, 63, FB, 07]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fb6423104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007fb64231087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007fb642310dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007fb64231110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fb64231174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!memcmp + 199 000007fb64231257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 144 000007fb64231300 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fb642313d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fb64231578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fb64231725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strncmp + 181 000007fb64231805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fb64231982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007fb64231a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007fb64231dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007fb64231e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007fb64232096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007fb642325b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!__chkstk + 77 000007fb6423261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!_setjmp + 160 000007fb642326f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!longjmp + 236 000007fb6423289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb64232cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fb64232e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fb64232e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb64232f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fb64233030 8 bytes {JMP QWORD [RIP-0x792]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb642336f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fb642339d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb64234251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775f15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775f15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775f17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000775f18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775f18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000775f1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000775f1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000775f195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000775f196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000775f1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fb6423104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007fb64231087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007fb642310dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007fb64231110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fb64231174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!memcmp + 199 000007fb64231257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 144 000007fb64231300 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fb642313d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168 000007fb64231578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405 000007fb64231725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncmp + 181 000007fb64231805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354 000007fb64231982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007fb64231a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007fb64231dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007fb64231e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007fb64232096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007fb642325b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!__chkstk + 77 000007fb6423261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!_setjmp + 160 000007fb642326f0 16 bytes {JMP RAX}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!longjmp + 236 000007fb6423289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fb64232cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fb64232e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fb64232e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb64232f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fb64233030 8 bytes {JMP QWORD [RIP-0x792]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb642336f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fb642339d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb64234251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775f15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775f15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775f17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000775f18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775f18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000775f1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000775f1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000775f195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000775f196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000775f1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [676:708] fffff9600094f5e8
Thread C:\WINDOWS\system32\csrss.exe [676:712] fffff9600094f5e8
Thread [3724:3880] 0000000072267950
Thread [3724:3884] 000000007240c59c
Thread [3724:3892] 000000007240c59c
Thread [3724:3292] 000000007240c59c
Thread [3724:4056] 000000007240c59c
Thread [3724:3692] 00000000564c0dc7
Thread [3724:4064] 00000000565736af
Thread [3724:2004] 00000000565736af
Thread [3724:3500] 000000005367d80c
Thread [3724:416] 0000000075d64f62
Thread [3724:2844] 00000000565736af
Thread [3724:4612] 000000007240c59c
Thread [3724:3528] 00000000776750a7
Thread [3724:6880] 00000000776750a7
Thread [3724:7008] 00000000776750a7
Thread [3724:5456] 00000000776750a7
Thread [3724:1936] 00000000776750a7
Thread [3724:6048] 00000000776750a7
Thread [3724:5072] 00000000776750a7
Thread [3724:6632] 0000000075d64f62
Thread [3724:188] 0000000075d64f62
Thread [3724:6676] 00000000746624c6

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -688039526
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\506313e0d7de
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\506313e0d7de@d8b3770b0e76 0xA6 0x1B 0x63 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@LastProcessedRevision 7157049

---- EOF - GMER 2.1 ----

Many thanks for the help!