
Log analysis and evaluation: Blue slider that cannot be closed and abnormal behavior


 
27.11.2014, 10:57   #1
tsmomc
 



Hello,
I am irregularly observing the following abnormal behavior:
  • A blue slider appears (see attached image) that cannot be closed.
    After logging out, it remains visible on the login screen!!
    After a reboot, it has always been gone so far.
  • Firefox opened without any activity, showing the Bing start page (I have set
    DuckDuckGo as the default)
  • Alt-Tab sometimes does not work

Attached are the logs:

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:37 on 27/11/2014 (xxxxxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.log
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by xxxxxx (administrator) on CM2012 on 27-11-2014 09:38:22
Running from D:\download
Loaded Profile: xxxxxx (Available profiles: xxxxxx & zzzzzz & yyyyyy)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Spotify Ltd) C:\Users\xxxxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Bernhard Fomm, Munich) C:\Program Files (x86)\AutoRunnerX\arxsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() D:\download\Defogger.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-14] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3683704 2014-11-12] (Crawler.com)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [AutoRunnerX] => C:\Program Files (x86)\AutoRunnerX\arxsrv.exe [123392 2013-04-22] (Bernhard Fomm, Munich)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-04-24] (TrueCrypt Foundation)
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [Plextool] => C:\Program Files (x86)\Plextool\Plextool.exe [13469696 2014-04-17] ()
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [SecureBanking] => C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [Spotify Web Helper] => C:\Users\xxxxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-13] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\zzzzzz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs4 - {CD1A4529-9B23-4CC8-9640-03679812FEC7} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {CD1A4529-9B23-4CC8-9640-03679812FEC7} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {56925967-B82C-4364-90B8-0B08FB6496D5} => C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {56925967-B82C-4364-90B8-0B08FB6496D5} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicyUsers\S-1-5-21-2322124623-168391288-3357487613-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2322124623-168391288-3357487613-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2322124623-168391288-3357487613-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKU\S-1-5-21-2322124623-168391288-3357487613-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: AusweisApp 1.12.0.0 -> {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} -> C:\Program Files (x86)\AusweisApp\siqeCardClientIE64.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: AusweisApp 1.12.0.0 -> {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} -> C:\Program Files (x86)\AusweisApp\siqeCardClientIE32.ols (OpenLimit SignCubes AG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: M:\Mozilla Firefox
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\11-suche.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\duckduckgo.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\gmx-suche.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\lastminute.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\webde-suche.xml
FF Extension: KeeFox - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9opuk4q.default\Extensions\keefox@chris.tomlinson [2014-11-04]
FF Extension: WOT - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9opuk4q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-27]
FF Extension: Ghostery - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9opuk4q.default\Extensions\firefox@ghostery.com.xpi [2014-04-27]
FF Extension: KeeFox - M:\Mozilla Firefox\Extensions\keefox@chris.tomlinson [2014-11-03]
FF Extension: WOT - M:\Mozilla Firefox\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ghostery - M:\Mozilla Firefox\Extensions\firefox@ghostery.com.xpi [2014-02-16]
FF Extension: ZenMate Security &amp; Privacy VPN - M:\Mozilla Firefox\Extensions\firefox@zenmate.com.xpi [2014-09-14]
FF Extension: Dolphin Connect - M:\Mozilla Firefox\Extensions\jid1-79nQAfjhUybb3A@jetpack.xpi [2014-04-05]
FF Extension: Lightbeam - M:\Mozilla Firefox\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-16]
FF Extension: 1-Click YouTube Video Downloader - M:\Mozilla Firefox\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-02-23]
FF Extension: NoScript - M:\Mozilla Firefox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-05]
FF Extension: Adblock Plus - M:\Mozilla Firefox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-05]
FF Extension: BetterPrivacy - M:\Mozilla Firefox\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2014-04-29]
FF Extension: No Name - {4F0963A3-1658-4fde-9585-23A25CC288BF} [Not Found]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-26] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-04-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-05-21] (Hauppauge Computer Works) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-14] (Crawler.com)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2012-11-20] (Hauppauge Computer Works, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NWIM; C:\Windows\system32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 PSMounterEx; C:\WINDOWS\system32\drivers\psmounterex.sys [166384 2014-10-30] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-06-20] (Windows (R) Win 7 DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 09:37 - 2014-11-27 09:37 - 00000000 _____ () C:\Users\xxxxxx\defogger_reenable
2014-11-27 09:35 - 2014-11-27 09:35 - 00000531 _____ () C:\Users\xxxxxx\Desktop\(M) Daten xxxxxx.lnk
2014-11-27 07:32 - 2014-11-27 09:38 - 00000000 ____D () C:\FRST
2014-11-27 07:14 - 2014-11-27 07:14 - 00001499 _____ () C:\s.txt
2014-11-21 21:15 - 2014-11-21 21:15 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-11-21 19:30 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-21 19:30 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-21 19:30 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-21 19:30 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-20 14:29 - 2014-11-20 14:29 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\vlc
2014-11-18 14:26 - 2014-11-18 14:27 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-18 14:26 - 2014-11-18 14:26 - 00000000 ____D () C:\Users\yyyyyy\AppData\Local\Apple Computer
2014-11-16 20:49 - 2014-11-16 20:50 - 00001750 _____ () C:\Users\xxxxxx\Desktop\Onlinespeicher.lnk
2014-11-16 20:27 - 2014-11-16 20:28 - 00001268 _____ () C:\Users\xxxxxx\Desktop\Tischtennis.lnk
2014-11-14 22:03 - 2014-11-14 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-14 22:02 - 2014-11-14 22:02 - 00001860 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-14 22:02 - 2014-11-14 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-14 22:02 - 2014-11-14 22:02 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-14 22:01 - 2014-11-14 22:01 - 00001798 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\Program Files\iPod
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-14 18:27 - 2014-11-14 18:27 - 00000000 __SHD () C:\Users\yyyyyy\AppData\Local\EmieBrowserModeList
2014-11-13 23:19 - 2014-11-21 17:12 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\Spotify
2014-11-13 23:19 - 2014-11-13 23:19 - 00001858 _____ () C:\Users\xxxxxx\Desktop\Spotify.lnk
2014-11-13 23:19 - 2014-11-13 23:19 - 00001844 _____ () C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-11-13 23:17 - 2014-11-23 23:15 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Spotify
2014-11-12 11:56 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 11:56 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 11:56 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 11:56 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 11:56 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 11:56 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 11:56 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 11:56 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 11:56 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 11:56 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 11:56 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 11:55 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 11:55 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 11:55 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 11:55 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 11:55 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 11:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 11:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 07:30 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 07:30 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 07:30 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 07:30 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 07:30 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 07:30 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 07:30 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 07:30 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 07:30 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 07:30 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 07:30 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 07:30 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 07:30 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 07:30 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 07:30 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 07:30 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 07:30 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 07:30 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 07:30 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 07:30 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 07:30 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 07:30 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 07:30 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 07:30 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 07:30 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 07:30 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 07:29 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 07:29 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 07:29 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 07:29 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 07:29 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 07:29 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 07:29 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 07:28 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 07:28 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 07:28 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 07:28 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 07:28 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 07:28 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 07:28 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 07:28 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 07:28 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 07:28 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 07:28 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 07:28 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 07:28 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 07:28 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 07:28 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 07:28 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 07:28 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 07:28 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 07:28 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 07:28 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 07:28 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 07:28 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 07:28 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 07:28 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 07:28 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 07:28 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:28 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 07:28 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 07:28 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 07:28 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 07:28 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 07:28 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 07:28 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 07:28 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 07:28 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 07:28 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 07:28 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 07:28 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 07:28 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 07:28 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 07:28 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 07:28 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 07:28 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 07:28 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 07:28 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 07:28 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 07:28 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 07:28 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 07:28 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 07:28 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 07:28 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 07:28 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 07:28 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 07:28 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 07:28 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 07:28 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 07:28 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 07:28 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 07:28 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 07:28 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 07:28 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 07:28 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 07:28 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 07:28 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 07:28 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 07:28 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 07:28 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 07:28 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 07:28 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 07:28 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 07:28 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:28 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 07:28 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 07:28 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 07:28 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 07:28 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 07:28 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 07:28 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 07:28 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 07:28 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 07:28 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 07:28 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 07:28 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 07:28 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 07:28 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 07:28 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 07:28 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 07:28 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 07:28 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 07:28 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 07:28 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 07:28 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 07:27 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 07:27 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 07:27 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:27 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:27 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:27 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:27 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:27 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 07:27 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 07:27 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 07:27 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 07:27 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:27 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:27 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:27 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 22:20 - 2014-11-11 22:20 - 00000656 _____ () C:\Users\zzzzzz\Desktop\Gescannte Dokumente.lnk
2014-11-11 22:14 - 2014-11-11 22:15 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\VMware
2014-11-11 22:14 - 2014-11-11 22:15 - 00000000 ____D () C:\Users\zzzzzz\AppData\Local\VMware
2014-11-11 22:10 - 2014-11-11 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-11 22:09 - 2014-11-11 22:10 - 00000000 ____D () C:\Users\zzzzzz\Desktop\Deutsch
2014-11-11 22:09 - 2014-11-11 22:09 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\Cornelsen
2014-11-11 21:54 - 2014-11-11 21:54 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72EC7BA7-218E-4FCC-9DD8-AFD66E9A93BE}
2014-11-08 21:14 - 2014-11-11 22:04 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-11-08 21:14 - 2014-11-08 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-11-08 21:14 - 2014-11-08 21:14 - 00000000 ____D () C:\ProgramData\AVM
2014-11-08 17:15 - 2014-11-08 17:15 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{34D60692-7191-4FCC-91B6-088838179611}
2014-11-08 16:46 - 2014-11-08 16:46 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1CB9962-8063-476E-B3A7-F516FFFEA08A}
2014-11-08 11:51 - 2014-11-11 22:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 20:24 - 2014-11-07 20:27 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\VMware
2014-11-07 20:24 - 2014-11-07 20:27 - 00000000 ____D () C:\Users\yyyyyy\AppData\Local\VMware
2014-11-06 19:52 - 2014-11-06 19:52 - 00002133 _____ () C:\Users\Public\Desktop\English G 21 e-Workbook A3.lnk
2014-11-05 18:06 - 2014-11-05 18:08 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-11-04 12:52 - 2014-11-04 12:52 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-11-04 12:51 - 2012-09-20 05:00 - 00393728 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMBL.DLL
2014-11-04 12:50 - 2014-11-04 12:50 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-11-04 12:50 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BLL.dll
2014-11-04 12:50 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BLU.dll
2014-11-04 12:50 - 2012-05-15 15:58 - 00098048 _____ () C:\WINDOWS\SysWOW64\CNC176BD.TBL
2014-11-04 12:50 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2014-11-04 12:17 - 2014-11-04 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Benutzerregistrierung
2014-11-04 12:03 - 2014-11-04 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-04 12:03 - 2014-11-04 12:03 - 00002375 _____ () C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Manual
2014-11-04 12:02 - 2014-11-04 18:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-04 12:02 - 2014-11-04 12:02 - 00000000 ____D () C:\WINDOWS\system32\STRING
2014-11-04 12:02 - 2012-07-31 09:48 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2014-11-04 12:02 - 2012-07-31 09:48 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2014-11-04 12:02 - 2012-07-31 09:47 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2014-11-04 12:01 - 2014-11-04 12:01 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2014-11-04 11:43 - 2012-09-21 09:34 - 00366080 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLL.dll
2014-11-04 11:43 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBL.DLL
2014-11-04 11:43 - 2012-05-25 09:21 - 00282624 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLC.dll
2014-11-04 11:43 - 2012-05-25 09:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLI.dll
2014-11-04 11:43 - 2012-05-15 15:58 - 00098048 _____ () C:\WINDOWS\system32\CNC176BD.TBL
2014-11-04 11:42 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBL.DLL
2014-10-31 23:19 - 2014-10-29 15:01 - 00064728 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2014-10-31 23:19 - 2014-10-29 15:00 - 00033496 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
2014-10-31 23:19 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2014-10-31 23:19 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2014-10-31 23:19 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2014-10-31 23:18 - 2014-10-31 23:18 - 00002139 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-10-31 23:18 - 2014-10-31 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-10-31 23:18 - 2014-10-31 23:18 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-10-31 23:18 - 2014-10-31 23:18 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-10-31 23:18 - 2014-10-29 15:01 - 00931032 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2014-10-31 23:18 - 2014-10-29 15:01 - 00437976 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2014-10-31 23:18 - 2014-10-29 15:01 - 00359128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2014-10-31 23:18 - 2014-10-29 15:01 - 00031448 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2014-10-31 23:18 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2014-10-30 12:18 - 2014-10-30 11:44 - 00166384 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\psmounterex.sys
2014-10-29 23:42 - 2014-11-01 00:08 - 00000000 ____D () C:\Ubuntu_14_10
2014-10-29 15:00 - 2014-10-29 15:00 - 00080464 _____ (VMware, Inc.) C:\WINDOWS\system32\vmnetbridge.dll
2014-10-29 15:00 - 2014-10-29 15:00 - 00049232 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
2014-10-29 15:00 - 2014-10-29 15:00 - 00046160 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetbridge.sys
2014-10-29 15:00 - 2014-10-29 15:00 - 00024656 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnet.sys
2014-10-29 15:00 - 2014-10-29 15:00 - 00020560 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetadapter.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 09:38 - 2014-03-18 11:03 - 01968534 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-27 09:38 - 2014-03-18 10:24 - 00832542 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-27 09:38 - 2014-03-18 10:24 - 00184978 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-27 09:37 - 2014-04-24 23:05 - 00000000 ____D () C:\Users\xxxxxx
2014-11-27 09:37 - 2014-04-22 21:56 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322124623-168391288-3357487613-1001
2014-11-27 09:33 - 2014-06-20 10:06 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-11-27 09:32 - 2014-10-16 17:00 - 00002332 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-27 09:32 - 2014-04-26 07:14 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\ClassicShell
2014-11-27 09:32 - 2014-04-24 23:42 - 00000000 ____D () C:\ProgramData\VMware
2014-11-27 09:32 - 2014-04-24 23:07 - 01889426 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-27 09:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-27 09:32 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-27 09:17 - 2014-04-24 23:22 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-27 08:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-27 07:04 - 2014-10-22 06:45 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 07:04 - 2014-10-22 06:45 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-27 07:04 - 2014-10-22 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-27 07:04 - 2014-10-22 06:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-27 06:55 - 2014-04-25 05:15 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{346778AB-2B94-4A63-BD62-B8729EE354D0}
2014-11-27 06:52 - 2014-04-24 23:12 - 00000000 __RDO () C:\Users\xxxxxx\OneDrive
2014-11-26 17:50 - 2014-08-13 20:19 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\ClassicShell
2014-11-26 16:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-25 23:58 - 2014-04-24 23:26 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\KeePass
2014-11-25 22:50 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 22:31 - 2014-04-24 23:42 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\VMware
2014-11-25 22:31 - 2014-04-24 23:41 - 00000000 ____D () C:\Ubuntu_14_04
2014-11-25 22:07 - 2014-04-24 23:42 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\VMware
2014-11-25 21:17 - 2014-04-24 23:22 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-24 16:43 - 2014-08-13 20:42 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322124623-168391288-3357487613-1023
2014-11-23 22:08 - 2013-08-22 15:46 - 00414272 _____ () C:\WINDOWS\setupact.log
2014-11-23 21:22 - 2014-04-29 22:09 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Audacity
2014-11-23 16:52 - 2014-04-26 23:13 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\CrashDumps
2014-11-21 17:08 - 2014-04-27 09:21 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\CyberGhost
2014-11-21 17:07 - 2014-04-27 09:21 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-21 14:29 - 2014-04-26 23:56 - 00001788 _____ () C:\WINDOWS\Sandboxie.ini
2014-11-20 21:51 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 14:29 - 2014-09-21 11:19 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\ClassicShell
2014-11-20 13:47 - 2014-09-21 11:18 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Apple Computer
2014-11-20 12:54 - 2014-09-21 12:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322124623-168391288-3357487613-1024
2014-11-18 15:15 - 2014-09-21 12:21 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F0B9CBBD-79EA-42B3-B32B-58E78A08360D}
2014-11-18 14:26 - 2014-09-27 09:20 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Cornelsen
2014-11-18 14:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-16 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-16 20:50 - 2014-09-25 23:34 - 00102912 ___SH () C:\Users\xxxxxx\Desktop\Thumbs.db
2014-11-16 17:40 - 2014-08-13 20:49 - 00169984 ___SH () C:\Users\zzzzzz\Desktop\Thumbs.db
2014-11-16 17:40 - 2014-08-13 20:48 - 00001731 _____ () C:\Users\zzzzzz\Desktop\FritzBox (fritz.box).lnk
2014-11-16 13:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-14 22:01 - 2014-09-09 19:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-14 22:01 - 2014-04-27 12:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-13 00:17 - 2014-06-20 10:06 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-11-13 00:15 - 2013-08-22 15:44 - 00503936 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 12:34 - 2014-04-26 06:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 12:33 - 2014-04-22 22:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 12:31 - 2014-04-22 22:47 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 22:24 - 2014-09-21 11:18 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Canon
2014-11-11 22:19 - 2014-08-13 20:17 - 00000000 ____D () C:\Users\zzzzzz\AppData\Local\Adobe
2014-11-11 22:19 - 2014-08-13 20:15 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\Adobe
2014-11-11 22:10 - 2014-04-22 23:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-11 22:10 - 2014-04-22 23:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-11 22:07 - 2014-08-13 20:17 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\Canon
2014-11-11 22:06 - 2014-08-13 21:14 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE9F80F4-8984-441E-9160-433F7DB9DE2E}
2014-11-11 22:04 - 2014-04-22 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 22:04 - 2014-03-18 02:49 - 00055852 _____ () C:\WINDOWS\PFRO.log
2014-11-11 10:03 - 2014-04-26 23:41 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\FRITZ!
2014-11-06 19:52 - 2014-09-26 21:52 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Cornelsen
2014-11-06 19:50 - 2014-09-27 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen
2014-11-06 19:50 - 2014-09-27 09:17 - 00000000 ____D () C:\Program Files (x86)\Cornelsen
2014-11-06 19:50 - 2014-04-24 22:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-04 13:08 - 2014-04-26 22:47 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Canon
2014-11-04 13:00 - 2014-04-22 21:48 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\Packages
2014-11-04 12:59 - 2014-04-26 22:58 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-11-04 12:50 - 2014-04-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-11-04 12:50 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-04 12:08 - 2014-04-26 22:45 - 00000000 ____D () C:\Program Files\Canon
2014-11-04 12:07 - 2014-04-26 22:47 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-11-04 12:03 - 2014-04-26 22:42 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-11-04 11:43 - 2014-04-24 21:48 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-11-01 17:45 - 2014-09-21 11:16 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Adobe
2014-10-31 23:18 - 2014-04-24 23:42 - 01988426 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\yyyyyy\AppData\Local\Temp\avgnt.exe
C:\Users\zzzzzz\AppData\Local\Temp\avgnt.exe
C:\Users\xxxxxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxxxxx\AppData\Local\Temp\MSETUP4.EXE
C:\Users\xxxxxx\AppData\Local\Temp\reflectPatch.exe
C:\Users\xxxxxx\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\xxxxxx\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-20 12:54

==================== End Of Log ============================
         
gmer.log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-27 10:21:58
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000043 PLEXTOR_PX-256M3P rev.1.06 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\pftdqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                              fffff960000df200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                         fffff960000df210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                 00007ffac31a169a 4 bytes [1A, C3, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                 00007ffac31a16a2 4 bytes [1A, C3, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                    00007ffac31a181a 4 bytes [1A, C3, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                    00007ffac31a1832 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\avmike.exe[1604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                          00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\avmike.exe[1604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                          00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\certsrv.exe[2056] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                         00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\certsrv.exe[2056] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                         00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES\FRITZ!FERNZUGANG\NWTSRV.EXE[2436] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                          00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES\FRITZ!FERNZUGANG\NWTSRV.EXE[2436] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                          00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                   00007ffac31a169a 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                   00007ffac31a16a2 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                      00007ffac31a181a 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                      00007ffac31a1832 4 bytes [1A, C3, FA, 7F]
.text   C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\BTVSTACK.EXE[4016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                   00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\BTVSTACK.EXE[4016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                   00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                00007ffac31a169a 4 bytes [1A, C3, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                00007ffac31a16a2 4 bytes [1A, C3, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                   00007ffac31a181a 4 bytes [1A, C3, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                   00007ffac31a1832 4 bytes [1A, C3, FA, 7F]
.text   C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE[5176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                    00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE[5176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                    00007ffaba971f82 4 bytes [97, BA, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [664:688]                                                                                                      fffff96000869b90
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2500]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2512]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2520]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2540]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2544]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2548]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2552]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2556]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2560]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2576]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2580]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2596]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2600]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2616]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2620]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2644]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2648]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2652]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2656]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2660]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2664]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2668]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2672]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2676]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2680]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2684]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2688]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2692]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2696]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2700]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2704]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2712]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2768]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2780]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2784]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2788]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2792]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2796]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2800]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2804]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2808]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2812]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:5268]                                                 0000000052033810

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F5859835-7A40-431D-B905-0EA5E6817747}\Connection@Name  isatap.fritz.box
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                            -646930721
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cb70dc8261d                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cb70dc8261d@00219e8bdc27                                                     0x88 0x6C 0xD2 0xF3 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{F5859835-7A40-431D-B905-0EA5E6817747}@ReusableType                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{F5859835-7A40-431D-B905-0EA5E6817747}@DefunctTimestamp                    0xB5 0xE1 0x76 0x54 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                              13397
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                             2662
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@LeaseObtainedTime                  1417077192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@T1                                 1417509192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@T2                                 1417833192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@LeaseTerminatesTime                1417941192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@Dhcpv6InformationObtainedTime     1417077187
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                           0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                                       0x64 0x62 0x03 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\iexplore@Count                               66
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                               446
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count                               446
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                     0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                       0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                      0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                      LM%3d63552664872327%3bID%3dA09EBB5F1A14EB85!102%3bLR%3d63552674346127%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks                                               0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks                                               0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                       0xD9 0xAB 0x16 0x34 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                        0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SkyDrive\Subscriptions@Scenario-1-A09EBB5F1A14EB85!107                                        WLS_SubscriptionId_132B3DBB-5E2C-4279-B8EC-6D74F915AF34
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SkyDrive\Subscriptions@Scenario-2-A09EBB5F1A14EB85!107                                        WLS_SubscriptionId_6AC70BD8-934F-42EB-8F15-001BBBED4974
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime                                                    0x6D 0xCB 0x06 0xD1 ...
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gmer-19357.exe_d0d3955a196d9f2ab4b8ad4ff555b78d2c0b7_69ff3d88_228b4f95
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog                                            0x02 0x05 0x1B 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog                                                          0xAC 0x06 0x01 0x00 ...

---- EOF - GMER 2.1 ----
         
Attached image: slider.jpg (6.4 KB)

 
