Thomas_L | 15.06.2015 14:08 | Now inserted correctly. Here are the files again, as they should be.
Addition:
[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by TL at 2015-06-15 11:43:30
Running from C:\Users\tl\Desktop\Virenschutz
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1747593855-565391543-2980224419-500 - Administrator - Disabled)
Gast (S-1-5-21-1747593855-565391543-2980224419-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{051770B2-AC7A-4A63-9326-394C3E6E3B12}) (Version: 2.4.2526 - Famatech)
AMD Catalyst Install Manager (HKLM\...\{C23F43A3-327E-2969-52F2-89ED83D99F48}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Ihr Firmenname)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
cardPresso (HKLM-x32\...\cardPresso) (Version: 1.1.0 - Copyright 2012, cardPresso, Lda)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
DataDirect ODBC driver for InterBase (HKLM-x32\...\DataDirect ODBC driver for InterBase) (Version: - )
DecoderProgrammer (C:\Program Files (x86)\DecoderProgrammer\) (HKLM-x32\...\ST6UNST #2) (Version: - )
DecoderProgrammer (HKLM-x32\...\ST6UNST #1) (Version: - )
Digi Device Discovery (HKLM-x32\...\Digi Device Discovery) (Version: - )
ELCOM BTI-TERM (HKLM-x32\...\ELCOM BTI-TERM) (Version: 1.0 - ELCOM GmbH & Co. KG)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
IB-Upgrade Version 1.0.0.1 (HKLM-x32\...\{15E58B69-C4D7-4338-AA1C-4519F843AE0C}_is1) (Version: 1.0.0.1 - Uhlenbrock Elektronik GmbH)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
InterBase 2009 (HKLM-x32\...\InterBase 2009) (Version: InterBase 2009 - Embarcadero Technologies Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Linphone (HKLM-x32\...\Linphone) (Version: 3.8.4 - Belledonne communications)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Utilities (HKLM-x32\...\{0B18AA75-6A44-4950-A0A2-A486C2D839A0}) (Version: 1.4.4 - Oracle Corporation)
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
PhonerLite 2.25 (HKLM-x32\...\PhonerLite_is1) (Version: 2.25 - Heiko Sommerfeldt)
PingPlotter Standard 3.42.3s (HKLM-x32\...\{1C1D0A2C-C8B4-4C2C-9877-884F8FC082B5}) (Version: 3.42.3.6 - Nessoft, LLC)
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Scriptable Automation Manager (HKLM-x32\...\{9F26E6E5-66BD-4EEA-9038-AC18A63E49A5}) (Version: 0.9.20 - AIT Software GmbH)
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{11A5F0A4-5738-4857-9CEA-216E4F78BEB5}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.1557 - VMware, Inc.)
vtiger CRM Outlook Plugin-6.0-X86 (HKLM-x32\...\vtiger CRM Outlook Plugin-6.0-X86) (Version: - Vtiger)
vtiger CRM Outlook plugin-6.0-X86_64 (HKLM\...\vtiger CRM Outlook plugin-6.0-X86_64) (Version: - Vtiger)
vtigercrm600 (HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\vtigercrm600) (Version: - )
VWP100 (HKLM-x32\...\PfisterWaagenGmbH VWP100_is1) (Version: 2.1.0.205 - Pfister Waagen Bilanciai GmbH)
WinWeigh Plus (HKLM-x32\...\PfisterWaagenGmbH WinWeighPlus_is1) (Version: 6.0.0.203 - Pfister Waagen Bilanciai GmbH)
X-Lite (HKLM-x32\...\{D79740D7-405F-4A07-A144-40A655CA4B7C}) (Version: 48.7.6589 - CounterPath Corporation)
Zebra ZXP S3 and S1 Card Printers (HKLM-x32\...\{1132009E-7E6B-43D3-8F24-5554F5E9483B}) (Version: 05.01.00.00 - Zebra Technologies Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\tl\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
05-06-2015 16:17:04 Windows Update
10-06-2015 13:43:26 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
12-06-2015 14:37:53 Removed PlanetView 030006
15-06-2015 09:37:30 AA11
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1A2A573B-2C2A-44EF-A06D-5431D3C00D31} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {21E2740A-9194-4FAF-9B22-117618CDA0A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {26166EDA-84BE-488F-822B-13821D2B145E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {2A54C017-97F1-445E-A08F-FF3A8CC22857} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {2F16612B-41A6-4680-A5EF-395EBE596C73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32A9D14E-C630-4A42-9556-CFD9EEAC6C4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {417502C0-9D3B-4553-9DE0-69FA1FA67AE1} - System32\Tasks\{7FB0C9C3-0F3E-4C60-9925-21E2C811DC63} => pcalua.exe -a C:\Users\tl\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=slb2
Task: {5242AA7D-454B-4B4F-9014-D4837CDCBC5E} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {5AB1DB5F-1591-4541-849A-635A46A95760} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {5B8BFD2D-202A-4F64-B1A4-B960C4BB4878} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {74415D5C-E789-4B25-8333-AA42DA002600} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {8C7DC534-40B9-4692-90E4-DE07859545E2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A1AFF702-852D-4707-8739-A25D528605D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {B1495406-6C7D-4100-AFEC-5E5830E0966B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1026108093-1314267383-2887952174-1155 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {CABB91D3-E361-4ECC-BADD-08D85B7C3E4D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {E8B683AC-BAE7-4250-A5FB-DA5919F275FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {EA7E79F4-622D-4847-9422-E8A0C990CB77} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\vtigerCRM Email Reminder.job => C:\Program Files (x86)\vtigercrm600\apache\htdocs\vtigerCRM\modules\Calendar\SendReminder.bat
Task: C:\WINDOWS\Tasks\vtigerCRM Notification Scheduler.job => C:\Program Files (x86)\vtigercrm600\apache\htdocs\vtigerCRM\cron\intimateTaskStatus.bat
Task: C:\WINDOWS\Tasks\vtigerCRM Recurring Invoice.job => C:\Program Files (x86)\vtigercrm600\apache\htdocs\vtigerCRM\cron\modules\SalesOrder\RecurringInvoiceCron.bat
Task: C:\WINDOWS\Tasks\vtigerCRM WorkFlow.job => C:\Program Files (x86)\vtigercrm600\apache\htdocs\vtigerCRM\cron\modules\com_vtiger_workflow\com_vtiger_workflow.bat
==================== Loaded Modules (Whitelisted) ==============
2011-10-13 14:38 - 2011-10-13 14:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2014-07-14 15:08 - 2014-07-14 15:08 - 00034304 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-25 10:03 - 2012-09-25 10:03 - 05750784 _____ () C:\Program Files (x86)\vtigercrm600\mysql\bin\mysqld-nt.exe
2015-03-02 16:43 - 2015-03-02 16:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-09-11 09:29 - 2014-09-11 09:30 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\kpcengine.2.3.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-07-03 11:20 - 2008-05-12 17:27 - 00389120 _____ () C:\CodeGear\InterBase\bin\sanctuarylib.dll
2013-06-05 11:26 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-03-02 22:30 - 2015-03-02 22:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-06-15 09:43 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-15 09:43 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-15 09:43 - 2015-06-05 20:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-01-13 12:42 - 2014-01-13 12:42 - 00251392 _____ () C:\Program Files (x86)\vtigerCRM\Outlook6.0\vtigerCRMOutlookAddin.dll
2013-07-04 07:30 - 2013-07-04 07:30 - 00886272 _____ () C:\Program Files (x86)\vtigerCRM\Outlook6.0\System.Data.SQLite.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\tl\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\bern.ch -> hxxps://portal.bern.ch
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\logmein.com -> hxxps://secure.logmein.com
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\mcafee.com -> hxxps://mcafee.com
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\saidef.ch -> hxxps://login.saidef.ch
IE trusted site: HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\...\webcompanion.com -> hxxp://webcompanion.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1026108093-1314267383-2887952174-1155\Control Panel\Desktop\\Wallpaper -> C:\Users\tl\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg
DNS Servers: 81.218.119.5 - 82.163.142.130
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "TPUReg(x86)"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Shairport4w"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{6DF5E0C5-745D-42FA-9871-6AF4488677F5}C:\pfisterwaagengmbh\hkw_basel\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\hkw_basel\bin\wiegen.exe
FirewallRules: [TCP Query User{B968324F-A042-4C32-8EA8-DACFA77B2D6D}C:\pfisterwaagengmbh\hkw_basel\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\hkw_basel\bin\wiegen.exe
FirewallRules: [UDP Query User{1C96A74D-C23E-4798-BC57-8A50C87A1334}C:\pfisterwaagengmbh\leureko\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\leureko\bin\wiegen.exe
FirewallRules: [TCP Query User{E4707320-9033-4523-99C2-21B1B83C6D99}C:\pfisterwaagengmbh\leureko\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\leureko\bin\wiegen.exe
FirewallRules: [UDP Query User{35C67BCD-819A-46E1-9C7F-FD4ADBA67977}C:\pfisterwaagengmbh\kva_winterthur\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\kva_winterthur\bin\wiegen.exe
FirewallRules: [TCP Query User{AA9AADD3-C7AC-44BF-AFF4-B53DACB2B1BA}C:\pfisterwaagengmbh\kva_winterthur\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\kva_winterthur\bin\wiegen.exe
FirewallRules: [UDP Query User{D3A0D19A-A389-4B14-8F0D-725C9F57B9BE}C:\pfisterwaagengmbh\flueckiger\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\flueckiger\bin\wiegen.exe
FirewallRules: [TCP Query User{37571717-5AA6-4267-9262-D776B612060C}C:\pfisterwaagengmbh\flueckiger\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\flueckiger\bin\wiegen.exe
FirewallRules: [UDP Query User{8D8950B2-BFFD-4764-80C7-398755CA72DE}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{011C5D06-4136-4916-8EBB-61689F4233CC}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{DFB5C209-6260-4295-A146-4C7738862D9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C73F061D-B069-41BE-B38F-3C08140F3BC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB1512B8-1DE0-495B-ACFB-7F78AA456E7B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3387AB65-3249-4A15-BCF1-11FE086DAB27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D3135C9-0467-43FE-B51C-4005C1EC9A8C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3AC7E504-4078-4D6C-940C-BFCF5741D6DE}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{18A83794-C959-40F8-9357-6074AAD50A6D}C:\pfisterwaagengmbh\winweighplus\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\wiegen.exe
FirewallRules: [UDP Query User{2496DC98-1378-4DA3-84A2-2B702D8D7981}C:\pfisterwaagengmbh\winweighplus\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\wiegen.exe
FirewallRules: [TCP Query User{AD62AC37-7B4D-450F-AD21-E418C0912308}C:\pfisterwaagengmbh\haefeli-bruegger\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\haefeli-bruegger\bin\wiegen.exe
FirewallRules: [UDP Query User{54B4FC3B-8064-4F9D-9316-BC966BA38ACB}C:\pfisterwaagengmbh\haefeli-bruegger\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\haefeli-bruegger\bin\wiegen.exe
FirewallRules: [TCP Query User{A12BD658-2F07-4300-8DA1-623A2E98F4BC}C:\users\tl\appdata\local\temp\lmia96.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmia96.tmp\logmein client.exe
FirewallRules: [UDP Query User{563A6257-137D-4526-AC7F-760B3D200CCB}C:\users\tl\appdata\local\temp\lmia96.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmia96.tmp\logmein client.exe
FirewallRules: [TCP Query User{F1ED3FA5-423F-4382-A2F2-371898F997F0}C:\users\tl\appdata\local\logmein client\logmein client.exe] => (Block) C:\users\tl\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{E14CBF71-2B9E-4E9D-A6AE-92FABB963897}C:\users\tl\appdata\local\logmein client\logmein client.exe] => (Block) C:\users\tl\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{FE23DF26-717A-47D6-A1A5-2376CAD0E33D}C:\pfisterwaagengmbh\regio-recycling\replikation\sdctec\ibrdemon\rpdemon.exe] => (Allow) C:\pfisterwaagengmbh\regio-recycling\replikation\sdctec\ibrdemon\rpdemon.exe
FirewallRules: [UDP Query User{A28910CA-6DDC-4C00-86EB-30755C32A3F3}C:\pfisterwaagengmbh\regio-recycling\replikation\sdctec\ibrdemon\rpdemon.exe] => (Allow) C:\pfisterwaagengmbh\regio-recycling\replikation\sdctec\ibrdemon\rpdemon.exe
FirewallRules: [TCP Query User{21DA7F26-C2F5-4B21-8A36-498488355AF5}C:\pfisterwaagengmbh\regio-recycling\bin\wiegen.exe] => (Block) C:\pfisterwaagengmbh\regio-recycling\bin\wiegen.exe
FirewallRules: [UDP Query User{184C6217-29E9-4DA7-9129-D2C62B1FE295}C:\pfisterwaagengmbh\regio-recycling\bin\wiegen.exe] => (Block) C:\pfisterwaagengmbh\regio-recycling\bin\wiegen.exe
FirewallRules: [TCP Query User{089CA0E6-CBBA-4C36-9826-B889F3B38B94}C:\pfisterwaagengmbh\sam\bin\sam.exe] => (Allow) C:\pfisterwaagengmbh\sam\bin\sam.exe
FirewallRules: [UDP Query User{C77E5057-773F-41D0-A588-E01586DD8954}C:\pfisterwaagengmbh\sam\bin\sam.exe] => (Allow) C:\pfisterwaagengmbh\sam\bin\sam.exe
FirewallRules: [TCP Query User{DD87B767-647C-40F8-AACD-8ABE328471C5}C:\pfisterwaagengmbh\vwp\bin\vwp100.exe] => (Allow) C:\pfisterwaagengmbh\vwp\bin\vwp100.exe
FirewallRules: [UDP Query User{8D9F3E63-B0AD-482F-9E19-587758D3F184}C:\pfisterwaagengmbh\vwp\bin\vwp100.exe] => (Allow) C:\pfisterwaagengmbh\vwp\bin\vwp100.exe
FirewallRules: [TCP Query User{C8720512-FE45-47AA-A0C0-84BC71589354}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [UDP Query User{65B458B4-ED04-48A4-9776-5F8DF6649BF4}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [TCP Query User{4BF94D84-EC94-41AF-9EF1-F0427563870C}C:\pfisterwaagengmbh\laurent\sam\bin\sam.exe] => (Allow) C:\pfisterwaagengmbh\laurent\sam\bin\sam.exe
FirewallRules: [UDP Query User{960BAFC1-E79B-4C3E-8061-637AC1941B77}C:\pfisterwaagengmbh\laurent\sam\bin\sam.exe] => (Allow) C:\pfisterwaagengmbh\laurent\sam\bin\sam.exe
FirewallRules: [TCP Query User{1A5BFCA4-FE72-4F6C-A5D2-DB6293FCEDDE}C:\pfisterwaagengmbh\laurent\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\laurent\bin\wiegen.exe
FirewallRules: [UDP Query User{929D7F75-EBBC-4931-B07B-C27E6BEB83BE}C:\pfisterwaagengmbh\laurent\bin\wiegen.exe] => (Allow) C:\pfisterwaagengmbh\laurent\bin\wiegen.exe
FirewallRules: [{4FC63C92-DCC9-4192-9DD1-0D0BA1F7328E}] => (Allow) LPort=6160
FirewallRules: [TCP Query User{19510CE2-CEDD-457F-A46B-D08D9DD539E7}C:\users\tl\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\tl\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{98CA6081-5BEB-417D-B701-FDAF9B4A6D89}C:\users\tl\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\tl\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{F3841F5E-F098-43FA-A794-DDA85A92D73A}C:\pfisterwaagengmbh\winweighplus\bin\vip.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\vip.exe
FirewallRules: [UDP Query User{3A7712EF-C62A-4FEC-84F4-FC5EB9576612}C:\pfisterwaagengmbh\winweighplus\bin\vip.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\vip.exe
FirewallRules: [TCP Query User{2861A8E2-B3A1-4326-A1B8-EABC00F03C2E}C:\users\tl\appdata\local\temp\lmi8a0b.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi8a0b.tmp\logmein client.exe
FirewallRules: [UDP Query User{13489791-BAE8-4DEE-85E8-F55AD935635F}C:\users\tl\appdata\local\temp\lmi8a0b.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi8a0b.tmp\logmein client.exe
FirewallRules: [TCP Query User{EE5A351F-F3E3-4DDA-9770-A11D4E2C7D33}C:\users\tl\appdata\local\temp\lmicab0.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmicab0.tmp\logmein client.exe
FirewallRules: [UDP Query User{2DBA82D1-C9F6-4099-A9D8-3818A1F5A81B}C:\users\tl\appdata\local\temp\lmicab0.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmicab0.tmp\logmein client.exe
FirewallRules: [TCP Query User{E419FD77-9C7D-4D7E-AD2E-4ADB4108A87C}C:\users\tl\appdata\local\temp\lmif23.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmif23.tmp\logmein client.exe
FirewallRules: [UDP Query User{3B12BFEB-D1A6-4C05-AB44-F7E5AE7885F0}C:\users\tl\appdata\local\temp\lmif23.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmif23.tmp\logmein client.exe
FirewallRules: [{A36AF5E9-B54B-401C-8C74-8DDAE0F34E34}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{34B6B948-E6EF-4939-ACC5-115FAE2B3748}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{707251A2-5EEA-4852-8AD2-A63E1D4B8576}C:\users\tl\appdata\local\temp\lmi5aef.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi5aef.tmp\logmein client.exe
FirewallRules: [UDP Query User{3FA31B54-B923-4EAF-BCE1-E528B4E38194}C:\users\tl\appdata\local\temp\lmi5aef.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi5aef.tmp\logmein client.exe
FirewallRules: [{96C82587-C833-4619-A865-8DB821473A86}] => (Block) C:\users\tl\appdata\local\temp\lmi5aef.tmp\logmein client.exe
FirewallRules: [{5259C50B-F01E-44BA-B23B-F63A58FAC4B5}] => (Block) C:\users\tl\appdata\local\temp\lmi5aef.tmp\logmein client.exe
FirewallRules: [TCP Query User{9F89E13E-10F4-438F-BFB6-B2CB2A689637}C:\users\tl\appdata\local\temp\temp1_shairport4w73.zip\shairport4w.exe] => (Allow) C:\users\tl\appdata\local\temp\temp1_shairport4w73.zip\shairport4w.exe
FirewallRules: [UDP Query User{DD6C979E-D6AB-4468-A494-1EB3724A599E}C:\users\tl\appdata\local\temp\temp1_shairport4w73.zip\shairport4w.exe] => (Allow) C:\users\tl\appdata\local\temp\temp1_shairport4w73.zip\shairport4w.exe
FirewallRules: [{1B974948-5978-4FB2-9B19-CAB1EC8A8F48}] => (Block) C:\users\tl\appdata\local\temp\temp1_shairport4w73.zip\shairport4w.exe
FirewallRules: [{5262CDE8-5098-48D9-A279-96972AFB16C8}] => (Block) C:\users\tl\appdata\local\temp\temp1_shairport4w73.zip\shairport4w.exe
FirewallRules: [TCP Query User{C319BF7B-A590-4002-8FA0-52FDF68A99A8}C:\users\tl\downloads\shairport4w.exe] => (Allow) C:\users\tl\downloads\shairport4w.exe
FirewallRules: [UDP Query User{9502A222-BF4F-40AE-8B53-7C09D3DB0C1C}C:\users\tl\downloads\shairport4w.exe] => (Allow) C:\users\tl\downloads\shairport4w.exe
FirewallRules: [{F19EEF4A-6688-4593-90E1-CFDC00370D6C}] => (Block) C:\users\tl\downloads\shairport4w.exe
FirewallRules: [{0193E345-477B-4E0C-A87A-4B43F06777BC}] => (Block) C:\users\tl\downloads\shairport4w.exe
FirewallRules: [TCP Query User{C77B61D7-9C05-4127-9A72-7F20F8FDD3F6}C:\users\tl\appdata\local\temp\lmi32fb.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi32fb.tmp\logmein client.exe
FirewallRules: [UDP Query User{78F472D1-F4E2-4130-9F25-BB925EC414DF}C:\users\tl\appdata\local\temp\lmi32fb.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi32fb.tmp\logmein client.exe
FirewallRules: [{1A855937-7B11-4B29-9A59-7E16B0EAB2E2}] => (Block) C:\users\tl\appdata\local\temp\lmi32fb.tmp\logmein client.exe
FirewallRules: [{ECA562BF-1826-4AB0-B99C-8DC1954F0B9F}] => (Block) C:\users\tl\appdata\local\temp\lmi32fb.tmp\logmein client.exe
FirewallRules: [TCP Query User{B1719AC7-0B8A-4952-9EE7-85E10DB80626}C:\users\tl\appdata\local\temp\lmi506b.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi506b.tmp\logmein client.exe
FirewallRules: [UDP Query User{186A7E3E-39F7-409F-AD15-72AA8C7E5BD2}C:\users\tl\appdata\local\temp\lmi506b.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi506b.tmp\logmein client.exe
FirewallRules: [{F7ED78AB-9616-4D0F-9803-E43D4BA8BDA6}] => (Block) C:\users\tl\appdata\local\temp\lmi506b.tmp\logmein client.exe
FirewallRules: [{7608FBDA-6D5D-44B5-9C03-79FA96955295}] => (Block) C:\users\tl\appdata\local\temp\lmi506b.tmp\logmein client.exe
FirewallRules: [TCP Query User{72C20564-E862-41F1-A0B6-371A98A82A49}C:\users\tl\appdata\local\temp\lmi5479.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi5479.tmp\logmein client.exe
FirewallRules: [UDP Query User{88349468-55F1-484C-A391-84309A0F4898}C:\users\tl\appdata\local\temp\lmi5479.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi5479.tmp\logmein client.exe
FirewallRules: [{48DB220E-ED51-4AFA-BF7D-5BCED6EB8048}] => (Block) C:\users\tl\appdata\local\temp\lmi5479.tmp\logmein client.exe
FirewallRules: [{7E69A0E3-CCED-4D70-86CD-14E41E53509C}] => (Block) C:\users\tl\appdata\local\temp\lmi5479.tmp\logmein client.exe
FirewallRules: [TCP Query User{ACC4ED1D-9534-4E5C-8670-927D64D503A3}C:\users\tl\appdata\local\temp\lmi1c36.tmp\logmein client.exe] => (Block) C:\users\tl\appdata\local\temp\lmi1c36.tmp\logmein client.exe
FirewallRules: [UDP Query User{EEDED9C7-08F7-4893-8F8C-1E6ACA6910EC}C:\users\tl\appdata\local\temp\lmi1c36.tmp\logmein client.exe] => (Block) C:\users\tl\appdata\local\temp\lmi1c36.tmp\logmein client.exe
FirewallRules: [{1F66F25A-757B-4DFE-9C08-D1E1F6A50E2F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6E88C7C3-54AC-42E8-8FE0-00DCE64F8CCB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{827A314E-31ED-40D8-8BCF-482B9DA3EA6D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D0977BA1-314B-430A-BD6B-CCF77EA42B09}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{DF336DAC-12FE-4959-B746-2453E8B2547D}C:\program files (x86)\vtigercrm600\apache\bin\httpd.exe] => (Allow) C:\program files (x86)\vtigercrm600\apache\bin\httpd.exe
FirewallRules: [UDP Query User{82139993-6DC3-4AFE-9630-542F5B30F7B0}C:\program files (x86)\vtigercrm600\apache\bin\httpd.exe] => (Allow) C:\program files (x86)\vtigercrm600\apache\bin\httpd.exe
FirewallRules: [{5228C92C-C043-40DF-B51D-B8F2B67F9677}] => (Block) C:\program files (x86)\vtigercrm600\apache\bin\httpd.exe
FirewallRules: [{46CEE341-4C5D-4D9C-8D46-A3996BD25CF6}] => (Block) C:\program files (x86)\vtigercrm600\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BDA41A5C-B3D6-44B3-BDB1-7D0267F0167E}\\chpf05\ftp\tools\ftp_server\quick£neasy\ftpserver3lite\ftpserver.exe] => (Allow) \\chpf05\ftp\tools\ftp_server\quick£neasy\ftpserver3lite\ftpserver.exe
FirewallRules: [UDP Query User{A541D71C-AF00-4A4B-8D6B-5A644D3AA46C}\\chpf05\ftp\tools\ftp_server\quick£neasy\ftpserver3lite\ftpserver.exe] => (Allow) \\chpf05\ftp\tools\ftp_server\quick£neasy\ftpserver3lite\ftpserver.exe
FirewallRules: [{D50BDBEC-8A14-49A9-9275-9643A3A4AD8B}] => (Block) \\chpf05\ftp\tools\ftp_server\quick£neasy\ftpserver3lite\ftpserver.exe
FirewallRules: [{17C20F44-8078-4325-82BA-756CC9A9EA25}] => (Block) \\chpf05\ftp\tools\ftp_server\quick£neasy\ftpserver3lite\ftpserver.exe
FirewallRules: [TCP Query User{F1A9A991-2331-4446-A176-70B983378FAD}C:\users\tl\appdata\local\temp\lmi4d14.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi4d14.tmp\logmein client.exe
FirewallRules: [UDP Query User{01372AB0-BE78-4978-8269-2D750A4D7965}C:\users\tl\appdata\local\temp\lmi4d14.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi4d14.tmp\logmein client.exe
FirewallRules: [{D064D779-2ACB-4411-B478-5CA6F4D39D80}] => (Block) C:\users\tl\appdata\local\temp\lmi4d14.tmp\logmein client.exe
FirewallRules: [{84F39603-F78D-4747-A2DC-3057524C00F3}] => (Block) C:\users\tl\appdata\local\temp\lmi4d14.tmp\logmein client.exe
FirewallRules: [TCP Query User{CA4FDDC9-5233-4EFA-8102-27AF1ADEBEA5}E:\dart\apps\nirsoft\netbscanner.exe] => (Allow) E:\dart\apps\nirsoft\netbscanner.exe
FirewallRules: [UDP Query User{89B348B1-96D1-451B-9F0D-13C7DE53C22E}E:\dart\apps\nirsoft\netbscanner.exe] => (Allow) E:\dart\apps\nirsoft\netbscanner.exe
FirewallRules: [{CEFCBAB9-6067-4A31-8A7A-BEA675D712AB}] => (Block) E:\dart\apps\nirsoft\netbscanner.exe
FirewallRules: [{B5083C7A-5234-4C8E-82D0-C579B18A17CF}] => (Block) E:\dart\apps\nirsoft\netbscanner.exe
FirewallRules: [TCP Query User{469E45CD-3341-43E3-BFDF-F80D4F861B7E}C:\users\tl\appdata\local\temp\lmi59c2.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi59c2.tmp\logmein client.exe
FirewallRules: [UDP Query User{FE697957-28B8-4EF9-97A9-972124ACC2E8}C:\users\tl\appdata\local\temp\lmi59c2.tmp\logmein client.exe] => (Allow) C:\users\tl\appdata\local\temp\lmi59c2.tmp\logmein client.exe
FirewallRules: [{46128B36-356E-4F9C-B3D0-134419AA4721}] => (Block) C:\users\tl\appdata\local\temp\lmi59c2.tmp\logmein client.exe
FirewallRules: [{D90E0E14-F3FF-4219-85D6-4CFD47254AD4}] => (Block) C:\users\tl\appdata\local\temp\lmi59c2.tmp\logmein client.exe
FirewallRules: [TCP Query User{BF17F129-A741-40B3-9997-E04D5A5C1C01}C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-1-0-204.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-1-0-204.exe
FirewallRules: [UDP Query User{3307843B-D079-4A5D-8C8F-7F87CDC288B6}C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-1-0-204.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-1-0-204.exe
FirewallRules: [{D01E3058-FB68-42CA-8F2A-EF4B5F06C2E6}] => (Block) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-1-0-204.exe
FirewallRules: [{F7A2F2C4-EC7C-4FAC-9D81-141AB3C6AAD7}] => (Block) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-1-0-204.exe
FirewallRules: [TCP Query User{A4497331-DA1D-44FF-9469-13D0A4BECB48}C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-2-0-203.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-2-0-203.exe
FirewallRules: [UDP Query User{E45321EF-1E1E-4DC8-AEB5-46FA47CC3676}C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-2-0-203.exe] => (Allow) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-2-0-203.exe
FirewallRules: [{8C71A085-33E9-472E-8EC4-D5C8BF5B3BB9}] => (Block) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-2-0-203.exe
FirewallRules: [{AF0DE006-A96A-4194-9578-80E5174A3CED}] => (Block) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-2-0-203.exe
FirewallRules: [TCP Query User{8F7B07BB-B4C6-4DD2-AC5C-AB42B12B5E17}C:\users\tl\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\tl\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{414D4EB2-359C-40DB-96D2-5C50A05ACFBA}C:\users\tl\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\tl\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{784740AB-C5F0-4198-A245-9E991C3F7150}] => (Block) C:\users\tl\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{3FD46780-447D-4F4A-93DB-24C97A43EFCC}] => (Block) C:\users\tl\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{71B48C9A-3DE3-4A50-AB2D-209752523850}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{0A6E9E96-C9D4-4870-8651-DF917046C45A}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [{81F33B51-E452-40A7-B2AF-924EE237644D}] => (Block) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [{4B1A6B12-3CDD-41B4-847D-44659325D312}] => (Block) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{A358574F-D9F3-43AF-8F7C-C76C8F52489D}C:\program files (x86)\matx software\planetview_030006\planetview.exe] => (Allow) C:\program files (x86)\matx software\planetview_030006\planetview.exe
FirewallRules: [UDP Query User{E1DD3D6B-EE6E-438E-A6F1-872EA56930AA}C:\program files (x86)\matx software\planetview_030006\planetview.exe] => (Allow) C:\program files (x86)\matx software\planetview_030006\planetview.exe
FirewallRules: [{41F66AE3-DB6D-4A3A-A8F5-015BD4ABC803}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{1A994E50-837E-4938-8538-5AACE1B135BE}C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-0-0-109.exe] => (Block) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-0-0-109.exe
FirewallRules: [UDP Query User{E1A2DADE-FBF5-40A6-9733-B50FF69586F4}C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-0-0-109.exe] => (Block) C:\pfisterwaagengmbh\winweighplus\bin\wiegen-6-0-0-109.exe
FirewallRules: [{EB52EE57-B11B-48B8-8064-F54907EA5FFF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{C9FC595C-1F39-41A6-B017-BCCA3E1C7DBE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1F50B441-33B9-46BF-86F2-CA3E6AC7AD98}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{16AB997B-042A-4CC5-ABB1-FEE60CB7D897}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{31451F06-5738-4726-B13D-E776482E8E11}C:\program files (x86)\linphone\bin\linphone.exe] => (Allow) C:\program files (x86)\linphone\bin\linphone.exe
FirewallRules: [UDP Query User{C4071F1C-BC52-403E-BB26-D2C40E860E41}C:\program files (x86)\linphone\bin\linphone.exe] => (Allow) C:\program files (x86)\linphone\bin\linphone.exe
FirewallRules: [TCP Query User{8CD46B07-3048-44E2-8A63-8E4B40F0C5CD}C:\program files (x86)\phonerlite\phonerlite.exe] => (Allow) C:\program files (x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{749C1348-45B0-46E2-A807-CA11757C211C}C:\program files (x86)\phonerlite\phonerlite.exe] => (Allow) C:\program files (x86)\phonerlite\phonerlite.exe
FirewallRules: [TCP Query User{6FD97CB3-59B4-42B2-99D2-9C9BA1B8D5D7}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{4732951F-D02B-440C-ABCA-3713D2DDCDC0}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{E6972F3F-1171-4E19-B89E-4142D3D960A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2015 11:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/15/2015 11:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/15/2015 11:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/15/2015 11:27:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503c45
Ausnahmecode: 0x80270249
Fehleroffset: 0x00000000002f497f
ID des fehlerhaften Prozesses: 0x1334
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (06/15/2015 10:29:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503c45
Ausnahmecode: 0x80270249
Fehleroffset: 0x00000000002f497f
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (06/15/2015 10:25:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingSports_8wekyb3d8bbwe!AppexSports“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/15/2015 10:10:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503c45
Ausnahmecode: 0x80270249
Fehleroffset: 0x00000000002f497f
ID des fehlerhaften Prozesses: 0x1344
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (06/15/2015 09:44:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/15/2015 09:44:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/15/2015 09:44:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Bei der Aktivierung der App „Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (06/15/2015 11:38:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.BingFoodAndDrink
Error: (06/15/2015 11:38:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: PONS.Wrterbuch
Error: (06/15/2015 11:38:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: WildTangentGames.-GamesApp-
Error: (06/15/2015 11:38:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.Reader
Error: (06/15/2015 11:38:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.BingNews
Error: (06/15/2015 11:38:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.BingTravel
Error: (06/15/2015 11:38:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.FreshPaint
Error: (06/15/2015 11:38:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.MicrosoftSolitaireCollection
Error: (06/15/2015 11:38:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.SkypeApp
Error: (06/15/2015 11:38:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80072ee4 fehlgeschlagen: Microsoft.ZuneMusic
Microsoft Office:
=========================
Error: (06/15/2015 11:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148
Error: (06/15/2015 11:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel-2144927148
Error: (06/15/2015 11:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (06/15/2015 11:27:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f133401d0a74d6ac59514C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dllb0c85038-1340-11e5-bee5-2cd05a90f365
Error: (06/15/2015 10:29:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f118401d0a745541daccbC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dll98b83a3d-1338-11e5-bee4-2cd05a90f365
Error: (06/15/2015 10:25:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148
Error: (06/15/2015 10:10:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f134401d0a742bdb0842eC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dll003bdf5b-1336-11e5-bee4-2cd05a90f365
Error: (06/15/2015 09:44:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148
Error: (06/15/2015 09:44:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (06/15/2015 09:44:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PFISTERWAAGEN)
Description: Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel-2144927148
CodeIntegrity Errors:
===================================
Date: 2015-06-12 14:09:09.954
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:09.798
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:09.657
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:07.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:06.875
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:06.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:06.579
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:06.422
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:06.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-12 14:09:06.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 8143.22 MB
Available physical RAM: 5329.54 MB
Total Pagefile: 9423.22 MB
Available Pagefile: 6432.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (TI31025900A) (Fixed) (Total:454.36 GB) (Free:286.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================
--- --- ---
result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by TL (administrator) on PFISTERNB20 on 15-06-2015 11:42:30
Running from C:\Users\tl\Des
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-15 11:59:48
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 TOSHIBA_MK5061GSYN rev.MH001M 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\tl\AppData\Local\Temp\kwlyqaoc.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000c4d00 15 bytes [00, A9, F3, 01, 80, 64, 6D, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960000c4d10 11 bytes [00, 91, FC, FF, 00, BF, CA, ...]
---- User code sections - GMER 2.1 ----
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff996904b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff996904f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff996905206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff9969053ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff99690579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff996905954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff996905ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff996905f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff9969060ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff9969064d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff996906616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff9969066cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff996908397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff996908a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff996908d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff996908e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff9969090ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff99690917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff996909d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff996909fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff99690aae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff99690ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff99690b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff99690b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff99690c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff99690c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff99690d0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff99690d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff99690d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff99690d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff99690d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff99690d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff99690dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff99690dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff99690e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff99690e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff99690e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff99690eb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff99690fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff99691009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff99691015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff996911438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff9969115e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff996911877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff996911a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff996911c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff996981290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff996981410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff996981440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff996981560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff996981610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff996981cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff996981fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff996982850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438 0000000076e713f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387 0000000076e71583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076e71621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076e71674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076e716e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076e71727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 0000000076e725d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000076e72714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000076e72961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\tl\Desktop\Virenschutz\Gmer-19357.exe[2272] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000076e72bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\WINDOWS\explorer.exe[5764] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcConnectPortEx] [66444d70] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\prremote.dll
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [800:828] fffff960008762d0
Thread C:\WINDOWS\system32\svchost.exe [1032:4620] 00007ff98acb4ee0
Thread C:\WINDOWS\system32\svchost.exe [1096:6440] 00007ff985ce6c60
Thread C:\WINDOWS\system32\svchost.exe [1096:6444] 00007ff985ce6850
Thread C:\WINDOWS\system32\svchost.exe [1612:4536] 00007ff984201600
Thread C:\WINDOWS\system32\svchost.exe [1612:4616] 00007ff984151b70
Thread C:\WINDOWS\system32\svchost.exe [1612:4428] 00007ff985f24440
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- |