
Log analysis and evaluation: Blue slider that cannot be closed and abnormal behavior


27.11.2014, 10:57   #1
tsmomc
 

Hello,
I am intermittently observing the following abnormal behavior:
  • A blue slider appears (see attached image) that cannot be closed.
    After logging out, it is still visible on the login screen!!
    After a restart it has so far always been gone.
  • Firefox opened without any activity, showing the Bing start page (I have
    set DuckDuckGo as the default)
  • Alt-Tab sometimes does not work

Attached are the logs:

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:37 on 27/11/2014 (xxxxxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.log
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by xxxxxx (administrator) on CM2012 on 27-11-2014 09:38:22
Running from D:\download
Loaded Profile: xxxxxx (Available profiles: xxxxxx & zzzzzz & yyyyyy)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Spotify Ltd) C:\Users\xxxxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Bernhard Fomm, Munich) C:\Program Files (x86)\AutoRunnerX\arxsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() D:\download\Defogger.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-14] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3683704 2014-11-12] (Crawler.com)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [AutoRunnerX] => C:\Program Files (x86)\AutoRunnerX\arxsrv.exe [123392 2013-04-22] (Bernhard Fomm, Munich)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-04-24] (TrueCrypt Foundation)
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [Plextool] => C:\Program Files (x86)\Plextool\Plextool.exe [13469696 2014-04-17] ()
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [SecureBanking] => C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Run: [Spotify Web Helper] => C:\Users\xxxxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-13] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\zzzzzz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs4 - {CD1A4529-9B23-4CC8-9640-03679812FEC7} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {CD1A4529-9B23-4CC8-9640-03679812FEC7} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {56925967-B82C-4364-90B8-0B08FB6496D5} => C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {56925967-B82C-4364-90B8-0B08FB6496D5} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicyUsers\S-1-5-21-2322124623-168391288-3357487613-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2322124623-168391288-3357487613-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2322124623-168391288-3357487613-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKU\S-1-5-21-2322124623-168391288-3357487613-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: AusweisApp 1.12.0.0 -> {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} -> C:\Program Files (x86)\AusweisApp\siqeCardClientIE64.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: AusweisApp 1.12.0.0 -> {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} -> C:\Program Files (x86)\AusweisApp\siqeCardClientIE32.ols (OpenLimit SignCubes AG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: M:\Mozilla Firefox
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\11-suche.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\duckduckgo.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\gmx-suche.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\lastminute.xml
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\webde-suche.xml
FF Extension: KeeFox - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9opuk4q.default\Extensions\keefox@chris.tomlinson [2014-11-04]
FF Extension: WOT - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9opuk4q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-27]
FF Extension: Ghostery - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9opuk4q.default\Extensions\firefox@ghostery.com.xpi [2014-04-27]
FF Extension: KeeFox - M:\Mozilla Firefox\Extensions\keefox@chris.tomlinson [2014-11-03]
FF Extension: WOT - M:\Mozilla Firefox\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ghostery - M:\Mozilla Firefox\Extensions\firefox@ghostery.com.xpi [2014-02-16]
FF Extension: ZenMate Security & Privacy VPN - M:\Mozilla Firefox\Extensions\firefox@zenmate.com.xpi [2014-09-14]
FF Extension: Dolphin Connect - M:\Mozilla Firefox\Extensions\jid1-79nQAfjhUybb3A@jetpack.xpi [2014-04-05]
FF Extension: Lightbeam - M:\Mozilla Firefox\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-16]
FF Extension: 1-Click YouTube Video Downloader - M:\Mozilla Firefox\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-02-23]
FF Extension: NoScript - M:\Mozilla Firefox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-05]
FF Extension: Adblock Plus - M:\Mozilla Firefox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-05]
FF Extension: BetterPrivacy - M:\Mozilla Firefox\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2014-04-29]
FF Extension: No Name - {4F0963A3-1658-4fde-9585-23A25CC288BF} [Not Found]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-26] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-04-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-05-21] (Hauppauge Computer Works) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-14] (Crawler.com)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2012-11-20] (Hauppauge Computer Works, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NWIM; C:\Windows\system32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 PSMounterEx; C:\WINDOWS\system32\drivers\psmounterex.sys [166384 2014-10-30] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-06-20] (Windows (R) Win 7 DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 09:37 - 2014-11-27 09:37 - 00000000 _____ () C:\Users\xxxxxx\defogger_reenable
2014-11-27 09:35 - 2014-11-27 09:35 - 00000531 _____ () C:\Users\xxxxxx\Desktop\(M) Daten xxxxxx.lnk
2014-11-27 07:32 - 2014-11-27 09:38 - 00000000 ____D () C:\FRST
2014-11-27 07:14 - 2014-11-27 07:14 - 00001499 _____ () C:\s.txt
2014-11-21 21:15 - 2014-11-21 21:15 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-11-21 19:30 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-21 19:30 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-21 19:30 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-21 19:30 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-20 14:29 - 2014-11-20 14:29 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\vlc
2014-11-18 14:26 - 2014-11-18 14:27 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-18 14:26 - 2014-11-18 14:26 - 00000000 ____D () C:\Users\yyyyyy\AppData\Local\Apple Computer
2014-11-16 20:49 - 2014-11-16 20:50 - 00001750 _____ () C:\Users\xxxxxx\Desktop\Onlinespeicher.lnk
2014-11-16 20:27 - 2014-11-16 20:28 - 00001268 _____ () C:\Users\xxxxxx\Desktop\Tischtennis.lnk
2014-11-14 22:03 - 2014-11-14 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-14 22:02 - 2014-11-14 22:02 - 00001860 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-14 22:02 - 2014-11-14 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-14 22:02 - 2014-11-14 22:02 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-14 22:01 - 2014-11-14 22:01 - 00001798 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\Program Files\iPod
2014-11-14 22:01 - 2014-11-14 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-14 18:27 - 2014-11-14 18:27 - 00000000 __SHD () C:\Users\yyyyyy\AppData\Local\EmieBrowserModeList
2014-11-13 23:19 - 2014-11-21 17:12 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\Spotify
2014-11-13 23:19 - 2014-11-13 23:19 - 00001858 _____ () C:\Users\xxxxxx\Desktop\Spotify.lnk
2014-11-13 23:19 - 2014-11-13 23:19 - 00001844 _____ () C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-11-13 23:17 - 2014-11-23 23:15 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Spotify
2014-11-12 11:56 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 11:56 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 11:56 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 11:56 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 11:56 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 11:56 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 11:56 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 11:56 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 11:56 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 11:56 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 11:56 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 11:55 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 11:55 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 11:55 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 11:55 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 11:55 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 11:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 11:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 07:30 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 07:30 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 07:30 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 07:30 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 07:30 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 07:30 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 07:30 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 07:30 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 07:30 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 07:30 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 07:30 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 07:30 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 07:30 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 07:30 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 07:30 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 07:30 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 07:30 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 07:30 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 07:30 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 07:30 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 07:30 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 07:30 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 07:30 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 07:30 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 07:30 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 07:30 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 07:29 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 07:29 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 07:29 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 07:29 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 07:29 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 07:29 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 07:29 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 07:28 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 07:28 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 07:28 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 07:28 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 07:28 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 07:28 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 07:28 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 07:28 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 07:28 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 07:28 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 07:28 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 07:28 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 07:28 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 07:28 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 07:28 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 07:28 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 07:28 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 07:28 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 07:28 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 07:28 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 07:28 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 07:28 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 07:28 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 07:28 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 07:28 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 07:28 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:28 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 07:28 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 07:28 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 07:28 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 07:28 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 07:28 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 07:28 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 07:28 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 07:28 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 07:28 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 07:28 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 07:28 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 07:28 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 07:28 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 07:28 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 07:28 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 07:28 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 07:28 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 07:28 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 07:28 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 07:28 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 07:28 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 07:28 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 07:28 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 07:28 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 07:28 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 07:28 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 07:28 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 07:28 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 07:28 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 07:28 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 07:28 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 07:28 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 07:28 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 07:28 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 07:28 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 07:28 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 07:28 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 07:28 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 07:28 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 07:28 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 07:28 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 07:28 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 07:28 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 07:28 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:28 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 07:28 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 07:28 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 07:28 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 07:28 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 07:28 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 07:28 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 07:28 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 07:28 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 07:28 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 07:28 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 07:28 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 07:28 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 07:28 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 07:28 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 07:28 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 07:28 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 07:28 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 07:28 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 07:28 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 07:28 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 07:27 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 07:27 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 07:27 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:27 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:27 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:27 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:27 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:27 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 07:27 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 07:27 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 07:27 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 07:27 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:27 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:27 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:27 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 22:20 - 2014-11-11 22:20 - 00000656 _____ () C:\Users\zzzzzz\Desktop\Gescannte Dokumente.lnk
2014-11-11 22:14 - 2014-11-11 22:15 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\VMware
2014-11-11 22:14 - 2014-11-11 22:15 - 00000000 ____D () C:\Users\zzzzzz\AppData\Local\VMware
2014-11-11 22:10 - 2014-11-11 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-11 22:09 - 2014-11-11 22:10 - 00000000 ____D () C:\Users\zzzzzz\Desktop\Deutsch
2014-11-11 22:09 - 2014-11-11 22:09 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\Cornelsen
2014-11-11 21:54 - 2014-11-11 21:54 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72EC7BA7-218E-4FCC-9DD8-AFD66E9A93BE}
2014-11-08 21:14 - 2014-11-11 22:04 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-11-08 21:14 - 2014-11-08 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-11-08 21:14 - 2014-11-08 21:14 - 00000000 ____D () C:\ProgramData\AVM
2014-11-08 17:15 - 2014-11-08 17:15 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{34D60692-7191-4FCC-91B6-088838179611}
2014-11-08 16:46 - 2014-11-08 16:46 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1CB9962-8063-476E-B3A7-F516FFFEA08A}
2014-11-08 11:51 - 2014-11-11 22:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 20:24 - 2014-11-07 20:27 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\VMware
2014-11-07 20:24 - 2014-11-07 20:27 - 00000000 ____D () C:\Users\yyyyyy\AppData\Local\VMware
2014-11-06 19:52 - 2014-11-06 19:52 - 00002133 _____ () C:\Users\Public\Desktop\English G 21 e-Workbook A3.lnk
2014-11-05 18:06 - 2014-11-05 18:08 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-11-04 12:52 - 2014-11-04 12:52 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-11-04 12:51 - 2012-09-20 05:00 - 00393728 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMBL.DLL
2014-11-04 12:50 - 2014-11-04 12:50 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-11-04 12:50 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BLL.dll
2014-11-04 12:50 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BLU.dll
2014-11-04 12:50 - 2012-05-15 15:58 - 00098048 _____ () C:\WINDOWS\SysWOW64\CNC176BD.TBL
2014-11-04 12:50 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2014-11-04 12:17 - 2014-11-04 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Benutzerregistrierung
2014-11-04 12:03 - 2014-11-04 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-04 12:03 - 2014-11-04 12:03 - 00002375 _____ () C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Manual
2014-11-04 12:02 - 2014-11-04 18:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-04 12:02 - 2014-11-04 12:02 - 00000000 ____D () C:\WINDOWS\system32\STRING
2014-11-04 12:02 - 2012-07-31 09:48 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2014-11-04 12:02 - 2012-07-31 09:48 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2014-11-04 12:02 - 2012-07-31 09:47 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2014-11-04 12:01 - 2014-11-04 12:01 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2014-11-04 11:43 - 2012-09-21 09:34 - 00366080 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLL.dll
2014-11-04 11:43 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBL.DLL
2014-11-04 11:43 - 2012-05-25 09:21 - 00282624 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLC.dll
2014-11-04 11:43 - 2012-05-25 09:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLI.dll
2014-11-04 11:43 - 2012-05-15 15:58 - 00098048 _____ () C:\WINDOWS\system32\CNC176BD.TBL
2014-11-04 11:42 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBL.DLL
2014-10-31 23:19 - 2014-10-29 15:01 - 00064728 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2014-10-31 23:19 - 2014-10-29 15:00 - 00033496 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
2014-10-31 23:19 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2014-10-31 23:19 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2014-10-31 23:19 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2014-10-31 23:18 - 2014-10-31 23:18 - 00002139 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-10-31 23:18 - 2014-10-31 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-10-31 23:18 - 2014-10-31 23:18 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-10-31 23:18 - 2014-10-31 23:18 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-10-31 23:18 - 2014-10-29 15:01 - 00931032 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2014-10-31 23:18 - 2014-10-29 15:01 - 00437976 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2014-10-31 23:18 - 2014-10-29 15:01 - 00359128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2014-10-31 23:18 - 2014-10-29 15:01 - 00031448 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2014-10-31 23:18 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2014-10-30 12:18 - 2014-10-30 11:44 - 00166384 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\psmounterex.sys
2014-10-29 23:42 - 2014-11-01 00:08 - 00000000 ____D () C:\Ubuntu_14_10
2014-10-29 15:00 - 2014-10-29 15:00 - 00080464 _____ (VMware, Inc.) C:\WINDOWS\system32\vmnetbridge.dll
2014-10-29 15:00 - 2014-10-29 15:00 - 00049232 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
2014-10-29 15:00 - 2014-10-29 15:00 - 00046160 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetbridge.sys
2014-10-29 15:00 - 2014-10-29 15:00 - 00024656 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnet.sys
2014-10-29 15:00 - 2014-10-29 15:00 - 00020560 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetadapter.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 09:38 - 2014-03-18 11:03 - 01968534 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-27 09:38 - 2014-03-18 10:24 - 00832542 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-27 09:38 - 2014-03-18 10:24 - 00184978 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-27 09:37 - 2014-04-24 23:05 - 00000000 ____D () C:\Users\xxxxxx
2014-11-27 09:37 - 2014-04-22 21:56 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322124623-168391288-3357487613-1001
2014-11-27 09:33 - 2014-06-20 10:06 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-11-27 09:32 - 2014-10-16 17:00 - 00002332 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-27 09:32 - 2014-04-26 07:14 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\ClassicShell
2014-11-27 09:32 - 2014-04-24 23:42 - 00000000 ____D () C:\ProgramData\VMware
2014-11-27 09:32 - 2014-04-24 23:07 - 01889426 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-27 09:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-27 09:32 - 2013-08-22 14:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-27 09:17 - 2014-04-24 23:22 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-27 08:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-27 07:04 - 2014-10-22 06:45 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 07:04 - 2014-10-22 06:45 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-27 07:04 - 2014-10-22 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-27 07:04 - 2014-10-22 06:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-27 06:55 - 2014-04-25 05:15 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{346778AB-2B94-4A63-BD62-B8729EE354D0}
2014-11-27 06:52 - 2014-04-24 23:12 - 00000000 __RDO () C:\Users\xxxxxx\OneDrive
2014-11-26 17:50 - 2014-08-13 20:19 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\ClassicShell
2014-11-26 16:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-25 23:58 - 2014-04-24 23:26 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\KeePass
2014-11-25 22:50 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 22:31 - 2014-04-24 23:42 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\VMware
2014-11-25 22:31 - 2014-04-24 23:41 - 00000000 ____D () C:\Ubuntu_14_04
2014-11-25 22:07 - 2014-04-24 23:42 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\VMware
2014-11-25 21:17 - 2014-04-24 23:22 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-24 16:43 - 2014-08-13 20:42 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322124623-168391288-3357487613-1023
2014-11-23 22:08 - 2013-08-22 15:46 - 00414272 _____ () C:\WINDOWS\setupact.log
2014-11-23 21:22 - 2014-04-29 22:09 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Audacity
2014-11-23 16:52 - 2014-04-26 23:13 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\CrashDumps
2014-11-21 17:08 - 2014-04-27 09:21 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\CyberGhost
2014-11-21 17:07 - 2014-04-27 09:21 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-21 14:29 - 2014-04-26 23:56 - 00001788 _____ () C:\WINDOWS\Sandboxie.ini
2014-11-20 21:51 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 14:29 - 2014-09-21 11:19 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\ClassicShell
2014-11-20 13:47 - 2014-09-21 11:18 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Apple Computer
2014-11-20 12:54 - 2014-09-21 12:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322124623-168391288-3357487613-1024
2014-11-18 15:15 - 2014-09-21 12:21 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F0B9CBBD-79EA-42B3-B32B-58E78A08360D}
2014-11-18 14:26 - 2014-09-27 09:20 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Cornelsen
2014-11-18 14:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-16 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-16 20:50 - 2014-09-25 23:34 - 00102912 ___SH () C:\Users\xxxxxx\Desktop\Thumbs.db
2014-11-16 17:40 - 2014-08-13 20:49 - 00169984 ___SH () C:\Users\zzzzzz\Desktop\Thumbs.db
2014-11-16 17:40 - 2014-08-13 20:48 - 00001731 _____ () C:\Users\zzzzzz\Desktop\FritzBox (fritz.box).lnk
2014-11-16 13:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-14 22:01 - 2014-09-09 19:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-14 22:01 - 2014-04-27 12:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-13 00:17 - 2014-06-20 10:06 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-11-13 00:15 - 2013-08-22 15:44 - 00503936 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 13:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 12:34 - 2014-04-26 06:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 12:33 - 2014-04-22 22:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 12:31 - 2014-04-22 22:47 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 22:24 - 2014-09-21 11:18 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Canon
2014-11-11 22:19 - 2014-08-13 20:17 - 00000000 ____D () C:\Users\zzzzzz\AppData\Local\Adobe
2014-11-11 22:19 - 2014-08-13 20:15 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\Adobe
2014-11-11 22:10 - 2014-04-22 23:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-11 22:10 - 2014-04-22 23:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-11 22:07 - 2014-08-13 20:17 - 00000000 ____D () C:\Users\zzzzzz\AppData\Roaming\Canon
2014-11-11 22:06 - 2014-08-13 21:14 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE9F80F4-8984-441E-9160-433F7DB9DE2E}
2014-11-11 22:04 - 2014-04-22 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 22:04 - 2014-03-18 02:49 - 00055852 _____ () C:\WINDOWS\PFRO.log
2014-11-11 10:03 - 2014-04-26 23:41 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\FRITZ!
2014-11-06 19:52 - 2014-09-26 21:52 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Cornelsen
2014-11-06 19:50 - 2014-09-27 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen
2014-11-06 19:50 - 2014-09-27 09:17 - 00000000 ____D () C:\Program Files (x86)\Cornelsen
2014-11-06 19:50 - 2014-04-24 22:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-04 13:08 - 2014-04-26 22:47 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Canon
2014-11-04 13:00 - 2014-04-22 21:48 - 00000000 ____D () C:\Users\xxxxxx\AppData\Local\Packages
2014-11-04 12:59 - 2014-04-26 22:58 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-11-04 12:50 - 2014-04-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-11-04 12:50 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-04 12:08 - 2014-04-26 22:45 - 00000000 ____D () C:\Program Files\Canon
2014-11-04 12:07 - 2014-04-26 22:47 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-11-04 12:03 - 2014-04-26 22:42 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-11-04 11:43 - 2014-04-24 21:48 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-11-01 17:45 - 2014-09-21 11:16 - 00000000 ____D () C:\Users\yyyyyy\AppData\Roaming\Adobe
2014-10-31 23:18 - 2014-04-24 23:42 - 01988426 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\yyyyyy\AppData\Local\Temp\avgnt.exe
C:\Users\zzzzzz\AppData\Local\Temp\avgnt.exe
C:\Users\xxxxxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxxxxx\AppData\Local\Temp\MSETUP4.EXE
C:\Users\xxxxxx\AppData\Local\Temp\reflectPatch.exe
C:\Users\xxxxxx\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\xxxxxx\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-20 12:54

==================== End Of Log ============================
         
gmer.log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-27 10:21:58
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000043 PLEXTOR_PX-256M3P rev.1.06 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\pftdqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                              fffff960000df200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                         fffff960000df210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                 00007ffac31a169a 4 bytes [1A, C3, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                 00007ffac31a16a2 4 bytes [1A, C3, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                    00007ffac31a181a 4 bytes [1A, C3, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1516] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                    00007ffac31a1832 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\avmike.exe[1604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                          00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\avmike.exe[1604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                          00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\certsrv.exe[2056] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                         00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\FRITZ!Fernzugang\certsrv.exe[2056] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                         00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES\FRITZ!FERNZUGANG\NWTSRV.EXE[2436] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                          00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES\FRITZ!FERNZUGANG\NWTSRV.EXE[2436] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                          00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                   00007ffac31a169a 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                   00007ffac31a16a2 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                      00007ffac31a181a 4 bytes [1A, C3, FA, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2872] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                      00007ffac31a1832 4 bytes [1A, C3, FA, 7F]
.text   C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\BTVSTACK.EXE[4016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                   00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\BTVSTACK.EXE[4016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                   00007ffaba971f82 4 bytes [97, BA, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                00007ffac31a169a 4 bytes [1A, C3, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                00007ffac31a16a2 4 bytes [1A, C3, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                   00007ffac31a181a 4 bytes [1A, C3, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[6240] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                   00007ffac31a1832 4 bytes [1A, C3, FA, 7F]
.text   C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE[5176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                    00007ffaba971f6a 4 bytes [97, BA, FA, 7F]
.text   C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE[5176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                    00007ffaba971f82 4 bytes [97, BA, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [664:688]                                                                                                      fffff96000869b90
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2500]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2512]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2520]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2540]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2544]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2548]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2552]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2556]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2560]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2576]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2580]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2596]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2600]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2616]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2620]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2644]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2648]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2652]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2656]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2660]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2664]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2668]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2672]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2676]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2680]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2684]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2688]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2692]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2696]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2700]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2704]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2712]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2768]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2780]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2784]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2788]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2792]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2796]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2800]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2804]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2808]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2812]                                                 0000000052033810
Thread  C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:5268]                                                 0000000052033810

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F5859835-7A40-431D-B905-0EA5E6817747}\Connection@Name  isatap.fritz.box
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                            -646930721
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cb70dc8261d                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cb70dc8261d@00219e8bdc27                                                     0x88 0x6C 0xD2 0xF3 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{F5859835-7A40-431D-B905-0EA5E6817747}@ReusableType                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{F5859835-7A40-431D-B905-0EA5E6817747}@DefunctTimestamp                    0xB5 0xE1 0x76 0x54 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                              13397
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                             2662
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@LeaseObtainedTime                  1417077192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@T1                                 1417509192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@T2                                 1417833192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@LeaseTerminatesTime                1417941192
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\Interfaces\{E41AAFE8-1653-420F-8552-BEF8BA69315F}@Dhcpv6InformationObtainedTime     1417077187
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                           0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                                       0x64 0x62 0x03 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\iexplore@Count                               66
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                               446
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count                               446
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                     0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                       0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                      0xBF 0x8A 0xCB 0x80 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                      LM%3d63552664872327%3bID%3dA09EBB5F1A14EB85!102%3bLR%3d63552674346127%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks                                               0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks                                               0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                       0xD9 0xAB 0x16 0x34 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                        0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SkyDrive\Subscriptions@Scenario-1-A09EBB5F1A14EB85!107                                        WLS_SubscriptionId_132B3DBB-5E2C-4279-B8EC-6D74F915AF34
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SkyDrive\Subscriptions@Scenario-2-A09EBB5F1A14EB85!107                                        WLS_SubscriptionId_6AC70BD8-934F-42EB-8F15-001BBBED4974
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime                                                    0x6D 0xCB 0x06 0xD1 ...
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Gmer-19357.exe_d0d3955a196d9f2ab4b8ad4ff555b78d2c0b7_69ff3d88_228b4f95
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog                                            0x02 0x05 0x1B 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog                                                          0xAC 0x06 0x01 0x00 ...

---- EOF - GMER 2.1 ----
         
Thumbnails of attached images
-slider.jpg

27.11.2014, 11:06   #2
tsmomc
 

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by xxxxxx at 2014-11-27 10:55:19
Running from D:\download\troyaner_board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audials (HKLM-x32\...\{7DED1048-34EC-4D7C-968E-D1112EC3325B}) (Version: 11.0.53800.0 - Audials AG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AusweisApp (HKLM-x32\...\{BA6CDB7A-F5D7-4341-99E1-1FF0AAEAF1D8}) (Version: 1.13.0 - OpenLimit SignCubes AG)
AutoRunnerX (HKLM-x32\...\AutoRunnerX) (Version: 1.4.5 - Bernhard Fomm, Munich)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boxcryptor 2.0 (HKLM-x32\...\{EBFEBFC7-B128-4700-ADBC-E839BFC833AE}) (Version: 2.0.419.376 - Secomba GmbH)
calibre (HKLM-x32\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{7A073C16-B3B5-4913-8457-262B6E17947A}) (Version: 2.5.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - Canon Inc.)
Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CVE-2014-6352 (HKLM\...\{19b2ec23-d405-490d-be4b-385387efd0a1}.sdb) (Version:  - )
CVE-2014-6352 (HKLM\...\{3a9498f9-243d-424b-893a-8da0b0cfad53}.sdb) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
DDBAC (HKLM-x32\...\{7F879E7D-61CA-42B4-AFB6-F8AFE65CE0B0}) (Version: 5.3.27 - DataDesign)
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Dropbox (HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
EG21 Vokabelkartei interaktiv 3 (HKLM-x32\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen)
English G 21 e-Workbook A3 (HKLM-x32\...\{BE18B4ED-EC6C-4DA1-AC48-515E8D60BFFE}) (Version: 1.00.000 - Cornelsen)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FileZilla Client 3.8.0 (HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.29.0 - International GeoGebra Institute)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.17.0 - International GeoGebra Institute)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30151 (CD 2.5d) - Hauppauge Computer Works)
HBCI-Modul für Money 99 Version 2000 (HKLM-x32\...\{8A13EBF6-6249-4C0D-92BE-F8497C922311}_is1) (Version: 5.0.1.10 - Dr. Ulrich Amann)
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM-x32\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IMAPSize 0.3.7 (HKLM-x32\...\IMAPSize_is1) (Version:  - Broobles)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7100 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Money 99 (HKLM-x32\...\MSMONEYV70) (Version:  - )
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Money-Browser für Money 99 Version 2000 3.0.1.37 (HKLM-x32\...\{E9E9FCFC-9F1A-4EDC-8400-2EAB5A9DEB4F}_is1) (Version: 3.0.1.37 - Dr. Ulrich Amann)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Passbild-Generator v3.6b (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
PhotoFiltre 7 (HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\PhotoFiltre 7) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)
Plextool (HKLM-x32\...\Plextool1.1.4) (Version: 1.1.4 - )
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Secure Banking Version 1.5.2 (HKLM-x32\...\{0BEE0AF9-79F3-4C4F-B374-90C0A16BF294}_is1) (Version: 1.5.2 - Hopfgartner Niklas)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setup-Loader für das HBCI-Modul für Money 99 Version 2000 3.4 (HKLM-x32\...\Setup-Loader für das HBCI-Modul für Money 99 Version 2000_is1) (Version: 3.4 - Dr. Ulrich Amann)
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{44DA67A9-C906-4316-94CB-61B036BBDCE5}) (Version: 1.04.02 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2322124623-168391288-3357487613-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UltraEdit 15.20 SE (HKLM-x32\...\{A8606865-6D52-44C1-82BD-A3C9A80222D4}) (Version: 15.20.1 - IDM Computer Solutions, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.4 - VMware, Inc)
VMware Player (Version: 6.0.4 - VMware, Inc.) Hidden
WhoCrashed 5.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows-Treiberpaket - Hewlett-Packard hp scanjet 8200 series (01/16/2007 8.1.0.76) (HKLM\...\571317D7659CF42D910AB8DDFEDF584C46DC97E9) (Version: 01/16/2007 8.1.0.76 - Hewlett-Packard)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2322124623-168391288-3357487613-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322124623-168391288-3357487613-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-2322124623-168391288-3357487613-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322124623-168391288-3357487613-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322124623-168391288-3357487613-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322124623-168391288-3357487613-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-11-2014 20:13:56 FRITZ!Fernzugang wird installiert
12-11-2014 11:31:00 Windows Update
21-11-2014 17:32:10 Geplanter Prüfpunkt
25-11-2014 21:50:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {024C24D7-2FE7-4D11-BE4E-25876EC03853} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2014-11-12] (Microsoft Corporation)
Task: {1C28ABD5-5DF8-4A9F-932B-D8FEC003CE52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {1EADD87C-4611-466B-9A35-2C6D5D3EC13D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {85C1A639-1730-420F-856D-BD6A933E2B57} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {8D21C848-7D01-4BD6-B1DD-527975E41D06} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FF7A5CE-DF08-4EEB-9BF5-D412540A7BCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B98096A4-BCAE-446F-A6C7-44425C8873B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-26 23:41 - 2006-02-23 10:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2014-04-26 23:41 - 2006-02-22 09:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2014-04-26 06:45 - 2014-09-11 07:06 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-02-25 02:28 - 2014-02-25 02:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-26 22:23 - 2011-12-16 16:18 - 00325120 _____ () C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.4.6792.0\ADAWARETRAY.EXE
2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-04-27 09:06 - 2012-09-07 16:30 - 00002560 _____ () C:\PROGRAM FILES (X86)\SECURE BANKING\SBSERVICE.EXE
2014-11-03 22:19 - 2014-11-03 22:19 - 00046080 _____ () C:\Users\xxxxxx\AppData\Local\KeePass\PluginCache\qZgCqdciWBqH6AA4UJA9\Fleck2.dll
2014-11-25 22:09 - 2014-11-25 22:09 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-26 21:46 - 2011-08-23 09:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2014-04-26 21:46 - 2012-01-16 16:12 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2014-04-27 08:38 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-27 08:38 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-27 08:38 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-27 08:38 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-27 08:38 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-04-27 09:06 - 2012-09-07 16:30 - 00002560 _____ () C:\Program Files (x86)\Secure Banking\sbservice.exe
2014-04-27 09:06 - 2013-06-30 16:01 - 00017920 _____ () C:\Program Files (x86)\Secure Banking\SecureBanking.dll
2014-04-27 09:06 - 2013-05-26 12:13 - 00008704 _____ () C:\Program Files (x86)\Secure Banking\funcs.dll
2014-11-08 11:51 - 2014-11-10 23:45 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-16 17:08 - 2014-10-16 17:08 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-10-16 17:08 - 2014-10-16 17:08 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-10-16 17:08 - 2014-10-16 17:08 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\xxxxxx\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2322124623-168391288-3357487613-500 - Administrator - Disabled)
Gast (S-1-5-21-2322124623-168391288-3357487613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2322124623-168391288-3357487613-1007 - Limited - Enabled)
zzzzzz (S-1-5-21-2322124623-168391288-3357487613-1024 - Limited - Enabled) => C:\Users\zzzzzz
yyyyyy (S-1-5-21-2322124623-168391288-3357487613-1023 - Limited - Enabled) => C:\Users\yyyyyy
xxxxxx (S-1-5-21-2322124623-168391288-3357487613-1001 - Administrator - Enabled) => C:\Users\xxxxxx

==================== Faulty Device Manager Devices =============

Name: K:\
Description: STORAGE DEVICE  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Qualcomm Atheros AR5BWB222 Wireless Network Adapter
Description: Qualcomm Atheros AR5BWB222 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2014 10:18:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SECUREBANKING.EXE, Version 1.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b9c

Startzeit: 01d00a1cc8742587

Endzeit: 4294967295

Anwendungspfad: C:\PROGRAM FILES (X86)\SECURE BANKING\SECUREBANKING.EXE

Berichts-ID: 4ad9fa36-7616-11e4-bec1-9cb70dc8261d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/27/2014 10:17:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0xa50
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (11/27/2014 10:16:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x2314
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (11/27/2014 09:59:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/27/2014 09:40:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0xce8
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (11/27/2014 09:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1eb8
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (11/27/2014 07:15:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/26/2014 04:23:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CM2012)
Description: Bei der Aktivierung der App „Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/25/2014 10:50:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (11/25/2014 10:50:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2322124623-168391288-3357487613-1022.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {16f706c1-6110-4e65-be51-913bee467f04}


System errors:
=============
Error: (11/27/2014 09:32:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/27/2014 07:06:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/27/2014 07:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/27/2014 07:01:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Virtueller Datenträger" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/27/2014 07:00:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HauppaugeTVServer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/27/2014 06:59:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/27/2014 06:58:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HauppaugeTVServer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/27/2014 06:57:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/27/2014 06:52:02 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (11/25/2014 11:58:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (11/27/2014 10:18:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SECUREBANKING.EXE1.5.0.11b9c01d00a1cc87425874294967295C:\PROGRAM FILES (X86)\SECURE BANKING\SECUREBANKING.EXE4ad9fa36-7616-11e4-bec1-9cb70dc8261d

Error: (11/27/2014 10:17:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aaa5001d00a22e4de15a9D:\download\Gmer-19357.exeD:\download\Gmer-19357.exe244fd60d-7616-11e4-bec1-9cb70dc8261d

Error: (11/27/2014 10:16:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa231401d00a22d2bd6d3eD:\download\Gmer-19357.exeD:\download\Gmer-19357.exe123c8645-7616-11e4-bec1-9cb70dc8261d

Error: (11/27/2014 09:59:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (11/27/2014 09:40:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aace801d00a1dce14472fD:\download\Gmer-19357.exeD:\download\Gmer-19357.exe0dfa52b7-7611-11e4-bec1-9cb70dc8261d

Error: (11/27/2014 09:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa1eb801d00a1dbd091f67D:\download\Gmer-19357.exeD:\download\Gmer-19357.exefd525576-7610-11e4-bec1-9cb70dc8261d

Error: (11/27/2014 07:15:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/26/2014 04:23:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CM2012)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927142

Error: (11/25/2014 10:50:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (11/25/2014 10:50:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2322124623-168391288-3357487613-1022.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {16f706c1-6110-4e65-be51-913bee467f04}


CodeIntegrity Errors:
===================================
  Date: 2014-04-24 23:42:36.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\xxxxxx\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-24 23:42:36.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16274.14 MB
Available physical RAM: 12506.55 MB
Total Pagefile: 18706.14 MB
Available Pagefile: 14871.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:237.28 GB) (Free:148.35 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:2794.39 GB) (Free:328.32 GB) NTFS
Drive e: (BACKUP) (Fixed) (Total:2794.39 GB) (Free:923.27 GB) NTFS
Drive m: (Daten xxxxxx) (Fixed) (Total:50 GB) (Free:2.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BC7C73E9)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 0CE249C3)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________


27.11.2014, 13:47   #3
schrauber
/// the machine
/// TB-Ausbilder

Hi,

that is your volume control. Do you have a button on the laptop for switching the volume on/off?
__________________

27.11.2014, 15:53   #4
tsmomc

Hello schrauber,

thanks for your quick reply.

I have a desktop; it has no special volume keys like a laptop does.
The normal slider in the taskbar looks different (see attachment).
When I lower the blue slider's value from 100, it keeps running back up to 100. And as I said, it is still visible after logging off and cannot be closed.

Do the logs otherwise look OK?

In the FRST log, this line caught my eye:


GroupPolicyUsers\S-1-5-21-2322124623-168391288-3357487613-1001\User: Group Policy restriction detected <======= ATTENTION


Is this OK?


Best regards
Thomas
Thumbnails of attached images
-slider2.jpg

28.11.2014, 12:59   #5
schrauber
/// the machine
/// TB-Ausbilder

Does your keyboard have an extra button for volume? Maybe it is stuck?

That one line shows that a policy is set, nothing more. I also see some adware, but none of that is your problem with the bar. That's why I wanted to clear this up first.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

28.11.2014, 22:17   #6
tsmomc

Hello schrauber,

well, I'll be darned. There actually are keys for volume control above the function keys (Cherry G230). In all these years I never noticed them.

And pressing them also brings up the blue bar here. Something probably seems to be stuck. Wow, the keyboard is secured with 23 (!) screws on the back. I'll tackle it tomorrow.

Can you recommend anything else based on the logs at hand?

Many thanks for your support.

Best regards
Thomas

29.11.2014, 18:44   #7
schrauber
/// the machine
/// TB-Ausbilder

The logs are clean. In my opinion, your choice of security software isn't that great.
__________________
Regards,
schrauber


30.11.2014, 12:15   #8
tsmomc

Hi schrauber,

today Avira reported the following:

Code:
ATTFilter
In der Datei 'C:\Windows\Temp\7b078874-fd95-4415-82d8-03aaa8068cb9\tmp00006d7f\tmp00009679'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
I already had this message a few weeks ago; I ignored it at the time, since access was denied anyway.

The folder contains only one file, tmp00000000, with 0 bytes.

Do I need to do something here, or can I ignore such messages?


Avira log
Code:
ATTFilter
Exportierte Ereignisse:

30.11.2014 11:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\7b078874-fd95-4415-82d8-03aaa8068cb9\tmp00006d7f\tmp00009679'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.11.2014 11:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\7b078874-fd95-4415-82d8-03aaa8068cb9\tmp00006d7f\tmp00009679'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.11.2014 11:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\7b078874-fd95-4415-82d8-03aaa8068cb9\tmp00006d7f\tmp00009679'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.11.2014 11:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\7b078874-fd95-4415-82d8-03aaa8068cb9\tmp00006d7f\tmp00009679'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.11.2014 10:49 [Updater] Update erfolgreich durchgeführt
      Update von Avira Free Antivirus auf Computer CM2012 (169.254.123.105) 
      erfolgreich durchgeführt.
      Folgende Dateien wurden von "hxxp://62.154.232.67/update" aktualisiert:
      aevdf.dat 8.11.189.150
      xbv00196.vdf 8.11.189.150
      local001.vdf

09.11.2014 20:22 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\45bd6d1b-8b97-4790-bc0e-596674c1bd2e\tmp0000420d\tmp000092aa'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

09.11.2014 20:22 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\45bd6d1b-8b97-4790-bc0e-596674c1bd2e\tmp0000420d\tmp000092aa'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

09.11.2014 20:22 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\45bd6d1b-8b97-4790-bc0e-596674c1bd2e\tmp0000420d\tmp000092aa'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

30.11.2014, 17:50   #9
schrauber
/// the machine
/// TB-Ausbilder

Have one of the files scanned at www.virustotal.com; as always, my guess is a false positive.
__________________
Regards,
schrauber


30.11.2014, 22:29   #10
tsmomc

Hello Schrauber,

thanks for the quick reply. However, there are no files left in the folder (no hidden or system files either).

I also think it's a false positive. I don't trust Avira an inch anyway.

OK, I think that settles everything then.

Once again, a heartfelt thank you for your help.

Best regards, Thomas

01.12.2014, 20:43   #11
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
Regards,
schrauber
