WIN 8: Trojan.Zbot from spam mail
Dear Trojaner-Board,
my father was careless and opened an .exe from a spam mail a few days ago. Since then he has not noticed any impairments on the PC.
The McAfee virus scanner reports "no threat", although it did detect three Trojans.
I then downloaded Malwarebytes. The log shows several suspicious files, among them Trojan.Zbot, which is hidden in the Downloads folder as Rechnung.exe. I would now like to find out together with you what the .exe has done. It would be great if someone could help us. Many thanks in advance!
Regards,
Marco
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 20.04.2014
Scan Time: 12:27:11
Logfile: 20042014.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.20.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Peter
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245324
Time Elapsed: 1 hr, 38 min, 22 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 4
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [256ec963017ae3539374af9e20e2d62a],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [256ec963017ae3539374af9e20e2d62a],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3406209320-4008881683-4255431915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [0d86e943f6853bfbdfb4e435f1114db3],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3406209320-4008881683-4255431915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [0d86e943f6853bfbdfb4e435f1114db3],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 4
PUP.Optional.Wajam, C:\Users\Peter\AppData\Local\Temp\DLG_aRJy\exe\wajam-internet-technologies-wajam-1.0-de-de\wajam_download.exe, , [890a5dcf7209d363ec7553cbc63aae52],
PUP.Optional.Conduit.A, C:\Users\Peter\AppData\Local\Temp\DLG_aRJy\requirements\SPIdentifier.exe, , [a3f03def7902d56160f557b0857c9070],
PUP.Optional.Breitschopp, C:\Users\Peter\Downloads\agsetup183se.exe, , [2370ca623c3f61d570e80e0dc1430af6],
Trojan.Zbot, C:\Users\Peter\Downloads\Rechnung.exe, , [e9aa0f1d14672e08ee9a204da16009f7],
Physical Sectors: 0
(No malicious items detected)
(end)
I have run the logs you requested.
defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 20/04/2014 (Peter)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Farbar's Recovery Scan Tool
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by Peter (administrator) on DAGMAR on 20-04-2014 15:22:04
Running from C:\Users\Peter\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3406209320-4008881683-4255431915-1001\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM - DefaultScope {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {F478D88F-5D13-4723-9FE3-52113C979269} URL =
SearchScopes: HKCU - {F478D88F-5D13-4723-9FE3-52113C979269} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\6mpq2kr1.default
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-01]
==================== Services (Whitelisted) =================
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
==================== Drivers (Whitelisted) ====================
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-20 15:22 - 2014-04-20 15:22 - 00014052 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-04-20 15:21 - 2014-04-20 15:22 - 00000000 ____D () C:\FRST
2014-04-20 15:20 - 2014-04-20 15:20 - 02055680 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-04-20 15:19 - 2014-04-20 15:19 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-04-20 12:28 - 2014-04-20 12:28 - 00020992 ___SH () C:\Users\Peter\Downloads\Thumbs.db
2014-04-20 12:27 - 2014-04-20 12:27 - 00002258 _____ () C:\20042014.txt
2014-04-20 12:22 - 2014-04-20 12:22 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Peter\Downloads\zbotkiller.exe
2014-04-20 12:18 - 2014-04-20 12:29 - 00014884 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 12:12 - 2014-04-20 12:12 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-20 12:12 - 2014-04-20 12:12 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-20 12:12 - 2014-04-20 12:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-20 12:11 - 2014-04-20 12:12 - 03710504 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup412_slim.exe
2014-04-20 10:54 - 2014-04-20 10:54 - 00000000 ____D () C:\ProgramData\softthinks
2014-04-20 10:54 - 2013-05-24 03:37 - 00000094 ____H () C:\DBAR_Ver.txt
2014-04-20 10:48 - 2014-04-20 10:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-20 10:20 - 2014-04-20 10:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 10:20 - 2014-04-20 10:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 10:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 10:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 10:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 08:51 - 2014-04-20 08:51 - 00325704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 20:17 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-15 20:17 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-15 20:17 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-15 20:17 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-15 20:17 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-15 20:17 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-15 20:17 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-15 20:17 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-15 20:17 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-15 20:17 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-15 20:17 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-15 20:17 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-15 20:17 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-15 20:17 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-15 20:17 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-15 20:17 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-15 20:17 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-15 20:17 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-15 20:17 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-15 20:17 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-15 20:14 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-15 20:14 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-15 20:14 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-15 20:14 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-30 21:18 - 2014-03-30 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 14:22 - 2014-03-24 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2014-04-20 15:22 - 2014-04-20 15:22 - 00014052 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-04-20 15:22 - 2014-04-20 15:21 - 00000000 ____D () C:\FRST
2014-04-20 15:20 - 2014-04-20 15:20 - 02055680 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-04-20 15:19 - 2014-04-20 15:19 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-04-20 15:19 - 2013-07-05 19:48 - 00000000 ____D () C:\Users\Peter
2014-04-20 15:06 - 2013-10-03 07:20 - 00043520 ___SH () C:\Users\Peter\Desktop\Thumbs.db
2014-04-20 13:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-20 12:29 - 2014-04-20 12:18 - 00014884 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 12:28 - 2014-04-20 12:28 - 00020992 ___SH () C:\Users\Peter\Downloads\Thumbs.db
2014-04-20 12:27 - 2014-04-20 12:27 - 00002258 _____ () C:\20042014.txt
2014-04-20 12:22 - 2014-04-20 12:22 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Peter\Downloads\zbotkiller.exe
2014-04-20 12:14 - 2013-07-31 07:39 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2014-04-20 12:14 - 2013-05-02 05:43 - 00000000 ____D () C:\Windows\Panther
2014-04-20 12:12 - 2014-04-20 12:12 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-20 12:12 - 2014-04-20 12:12 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-20 12:12 - 2014-04-20 12:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-20 12:12 - 2014-04-20 12:11 - 03710504 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup412_slim.exe
2014-04-20 11:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-20 11:11 - 2013-08-18 09:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 11:08 - 2013-07-14 10:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-20 10:54 - 2014-04-20 10:54 - 00000000 ____D () C:\ProgramData\softthinks
2014-04-20 10:54 - 2013-07-05 20:23 - 00000000 ____D () C:\Users\Peter\AppData\Local\softthinks
2014-04-20 10:54 - 2013-05-01 21:48 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-04-20 10:52 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 10:52 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 10:52 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 10:48 - 2014-04-20 10:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-20 10:48 - 2014-04-20 10:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 10:46 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 10:45 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-20 10:26 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-20 10:20 - 2014-04-20 10:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 09:06 - 2013-07-05 19:51 - 00000000 ____D () C:\Users\Peter\Documents\Bluetooth Folder
2014-04-20 08:58 - 2013-07-05 19:50 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 08:58 - 2013-07-05 19:50 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-20 08:53 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-20 08:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-20 08:52 - 2013-05-01 21:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-20 08:51 - 2014-04-20 08:51 - 00325704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-20 08:50 - 2013-07-13 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-15 20:41 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-13 23:02 - 2013-07-05 19:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-03 09:51 - 2014-04-20 10:19 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 10:19 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 10:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 06:20 - 2013-07-16 22:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Windows Live
2014-04-03 00:15 - 2013-07-14 11:57 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-31 23:18 - 2013-11-17 12:05 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-17 12:05 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 21:18 - 2014-03-30 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 20:50 - 2014-03-23 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-07 07:16
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Peter at 2014-04-20 15:23:10
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: 3.8.0.0 - Ifolor AG)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Restore Points =========================
02-04-2014 20:26:14 Geplanter Prüfpunkt
15-04-2014 18:17:44 Windows Update
20-04-2014 09:05:06 Windows Update
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {07DAF570-ABC4-4B82-B3AC-CF7A6BF2DFCE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AA14FE8-9ECC-4EA4-ABBA-750EF73CDDDB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {46BDB02D-5646-4932-A295-CA3AF21A280B} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {4BC34443-4226-44FD-A4AD-DC071E02AB71} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {4D5535B9-877F-4950-8870-D0B616B02408} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {6A641042-6F4E-4989-87E7-54F839278B88} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {6B70CD78-D1A4-4EB2-8D12-7C7392D3FF5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {6B965CC2-1534-4F3C-8829-4B8BD23A224D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {78E12D59-1C95-4CB5-B9CA-567A4C8875DB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8C19EA27-8B01-4771-A53B-647DDE29CB5C} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABFE222D-79EB-4B22-9D99-B717251E2672} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
==================== Loaded Modules (whitelisted) =============
2014-03-22 11:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-05 19:58 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-05-01 21:46 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-05-02 05:59 - 2013-01-03 00:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-12-28 13:39 - 2012-12-28 13:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 13:36 - 2012-12-28 13:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 13:41 - 2012-12-28 13:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-05-02 06:03 - 2012-10-16 12:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 18:09 - 2013-04-20 00:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 18:09 - 2013-04-20 00:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-02-19 17:11 - 2014-02-19 17:11 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\5baeeabc4ba71e8eeb8ccc7162c475b2\PSIClient.ni.dll
2013-05-01 21:44 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-01 21:34 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-07-06 18:09 - 2013-05-03 01:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-03-30 21:18 - 2014-03-30 21:18 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 6.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2014 09:00:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAGMAR)
Description: Bei der Aktivierung der App „McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/20/2014 09:00:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAGMAR)
Description: Die App „McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (04/15/2014 09:17:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (04/14/2014 04:56:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (04/10/2014 05:57:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TOASTER.EXE, Version: 1.0.0.44, Zeitstempel: 0x50b3754f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0572ad5f
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xTOASTER.EXE0
Pfad der fehlerhaften Anwendung: TOASTER.EXE1
Pfad des fehlerhaften Moduls: TOASTER.EXE2
Berichtskennung: TOASTER.EXE3
Vollständiger Name des fehlerhaften Pakets: TOASTER.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TOASTER.EXE5
Error: (04/10/2014 05:57:46 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: TOASTER.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Windows.Threading.DispatcherOperation.Invoke()
bei System.Windows.Threading.Dispatcher.ProcessQueue()
bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
bei System.Windows.Threading.Dispatcher.Run()
bei System.Windows.Application.RunDispatcher(System.Object)
bei System.Windows.Application.RunInternal(System.Windows.Window)
bei System.Windows.Application.Run(System.Windows.Window)
bei Toaster.App.Main()
Error: (04/10/2014 05:57:46 PM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Toaster.Helper.GetDelayBeforeReminders(ObservableCollection`1 notificationHelpers)
bei Toaster.ToasterTimerManager.SetNextNotification()
bei Toaster.ToasterTimerManager.UpdateAllTimers()
bei Toaster.ToasterTimerManager.InitTimers()
bei Toaster.ToasterTimerManager.GetInstance()
bei Toaster.MainWindowViewModel..ctor()
bei Toaster.App.OnStartup(StartupEventArgs e)
bei System.Windows.Application.<.ctor>b__1(Object unused)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
Error: (04/10/2014 05:04:19 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (04/07/2014 09:16:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (04/07/2014 07:23:13 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: McUpdate.exe, Version: 12.8.934.0, Zeitstempel: 0x52e74787
Name des fehlerhaften Moduls: McUpdate.exe, Version: 12.8.934.0, Zeitstempel: 0x52e74787
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000007ba91
ID des fehlerhaften Prozesses: 0x221c
Startzeit der fehlerhaften Anwendung: 0xMcUpdate.exe0
Pfad der fehlerhaften Anwendung: McUpdate.exe1
Pfad des fehlerhaften Moduls: McUpdate.exe2
Berichtskennung: McUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: McUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McUpdate.exe5
System errors:
=============
Error: (04/20/2014 10:46:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (04/20/2014 09:41:07 AM) (Source: Service Control Manager) (User: )
Description: Dienst "SoftThinks Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/20/2014 08:57:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueBasic
Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNegotiate
Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNTLM
Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueWDigest
Error: (04/20/2014 08:55:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SoftThinks Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/20/2014 08:55:28 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SoftThinks Agent Service erreicht.
Error: (04/20/2014 08:52:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Microsoft Office Sessions:
=========================
Error: (04/20/2014 09:00:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAGMAR)
Description: McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor-2144927142
Error: (04/20/2014 09:00:11 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAGMAR)
Description: McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor
Error: (04/15/2014 09:17:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (04/14/2014 04:56:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (04/10/2014 05:57:48 PM) (Source: Application Error)(User: )
Description: TOASTER.EXE1.0.0.4450b3754funknown0.0.0.000000000c00000050572ad5ffa801cf54d59d34bd97C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEunknowndc448c7b-c0c8-11e3-be7b-1c3e84977c8e
Error: (04/10/2014 05:57:46 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: TOASTER.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Windows.Threading.DispatcherOperation.Invoke()
bei System.Windows.Threading.Dispatcher.ProcessQueue()
bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
bei System.Windows.Threading.Dispatcher.Run()
bei System.Windows.Application.RunDispatcher(System.Object)
bei System.Windows.Application.RunInternal(System.Windows.Window)
bei System.Windows.Application.Run(System.Windows.Window)
bei Toaster.App.Main()
Error: (04/10/2014 05:57:46 PM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Toaster.Helper.GetDelayBeforeReminders(ObservableCollection`1 notificationHelpers)
bei Toaster.ToasterTimerManager.SetNextNotification()
bei Toaster.ToasterTimerManager.UpdateAllTimers()
bei Toaster.ToasterTimerManager.InitTimers()
bei Toaster.ToasterTimerManager.GetInstance()
bei Toaster.MainWindowViewModel..ctor()
bei Toaster.App.OnStartup(StartupEventArgs e)
bei System.Windows.Application.<.ctor>b__1(Object unused)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
Error: (04/10/2014 05:04:19 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (04/07/2014 09:16:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (04/07/2014 07:23:13 AM) (Source: Application Error)(User: )
Description: McUpdate.exe12.8.934.052e74787McUpdate.exe12.8.934.052e7478740000015000000000007ba91221c01cf521ccc856ed3C:\Program Files\mcafee.com\agent\McUpdate.exeC:\Program Files\mcafee.com\agent\McUpdate.exeb66718de-be14-11e3-be7b-1c3e84977c8e
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 3965.27 MB
Available physical RAM: 1711.61 MB
Total Pagefile: 4669.27 MB
Available Pagefile: 2425.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:453.02 GB) (Free:412.36 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F6E63F39)
Partition: GPT Partition Type.
==================== End Of Log ============================
Gmer:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-20 15:45:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 Hitachi_HTS545050A7E380 rev.GG2OA950 465,76GB
Running: zdm529y6.exe; Driver: C:\Users\Peter\AppData\Local\Temp\ufloapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\system32\csrss.exe[524] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text C:\Windows\system32\csrss.exe[524] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text C:\Windows\system32\csrss.exe[524] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text C:\Windows\system32\csrss.exe[524] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\system32\csrss.exe[624] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text C:\Windows\system32\csrss.exe[624] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text C:\Windows\system32\csrss.exe[624] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text C:\Windows\system32\csrss.exe[624] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text C:\Windows\system32\winlogon.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\system32\winlogon.exe[660] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\system32\lsass.exe[688] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb106a3
.text C:\Windows\system32\lsass.exe[688] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb105d2
.text C:\Windows\system32\lsass.exe[688] C:\Windows\system32\lsasrv.dll!LsarLookupSids 000007f8fa67aec0 5 bytes JMP 000007f8fdb10845
.text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda705d2
.text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[948] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[948] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda705d2
.text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\System32\svchost.exe[344] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text C:\Windows\System32\svchost.exe[344] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fd7c0501
.text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fd7c0430
.text C:\Windows\system32\svchost.exe[532] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fd7c0845
.text C:\Windows\system32\svchost.exe[532] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fd7c0774
.text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fd7c06a3
.text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fd7c05d2
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[732] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text C:\Windows\system32\svchost.exe[732] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fd7c0501
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fd7c0430
.text C:\Windows\System32\svchost.exe[868] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fd7c0845
.text C:\Windows\System32\svchost.exe[868] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fd7c0774
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fd7c06a3
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fd7c05d2
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8f6df1532 4 bytes [DF, F6, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8f6df153a 4 bytes [DF, F6, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8f6df165a 4 bytes [DF, F6, F8, 07]
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[1488] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text C:\Windows\system32\svchost.exe[1488] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Windows\system32\mfevtps.exe[1868] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Windows\system32\mfevtps.exe[1868] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Windows\system32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fd7c0501
.text C:\Windows\system32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fd7c0430
.text C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fd7c0845
.text C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fd7c0774
.text C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fd7c06a3
.text C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fd7c05d2
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2108] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2108] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[2512] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text C:\Windows\system32\svchost.exe[2512] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text C:\Windows\system32\svchost.exe[2700] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fda706a3
.text C:\Windows\system32\svchost.exe[2700] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fda705d2
.text C:\Windows\System32\svchost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\System32\svchost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text C:\Windows\system32\DllHost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowsHookExA 000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\RPCRT4.dll!NdrStubCall2 000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize 000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8f6df1532 4 bytes [DF, F6, F8, 07]
.text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8f6df153a 4 bytes [DF, F6, F8, 07]
.text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8f6df165a 4 bytes [DF, F6, F8, 07]
.text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8f6df1532 4 bytes [DF, F6, F8, 07]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8f6df153a 4 bytes [DF, F6, F8, 07]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8f6df165a 4 bytes [DF, F6, F8, 07]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8f1061b32 4 bytes [06, F1, F8, 07]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8f1061b3a 4 bytes [06, F1, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Windows\System32\igfxpers.exe[4556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\Windows\System32\igfxpers.exe[4556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4676] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4676] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5920] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8f1061b32 4 bytes [06, F1, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5920] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8f1061b3a 4 bytes [06, F1, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [624:636] fffff960009075e8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----