OK, this should be right now. I won't attach the defogger log again, since that should all stay the same, right?!
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Stephan (2015-09-22 11:16:37)
Gestartet von C:\Users\Stephan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-27 13:40:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1867853704-4276267928-437079347-500 - Administrator - Disabled)
Gast (S-1-5-21-1867853704-4276267928-437079347-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1867853704-4276267928-437079347-1003 - Limited - Enabled)
Stephan (S-1-5-21-1867853704-4276267928-437079347-1001 - Administrator - Enabled) => C:\Users\Stephan
UpdatusUser (S-1-5-21-1867853704-4276267928-437079347-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Akamai NetSession Interface (HKU\S-1-5-21-1867853704-4276267928-437079347-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Autostart-Manager (HKLM-x32\...\{0C6DA7D3-EA2A-428B-8F8A-28EB811F57B2}) (Version: 6.01.0000 - Wirth IT Design )
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
BILD-Steuer 2012 (HKLM-x32\...\{8D37EF28-C603-41DE-843F-300C5EF8FD82}) (Version: 17.13 - Wolters Kluwer Deutschland GmbH)
BILD-Steuer 2013 (HKLM-x32\...\{33030435-243F-4111-BD25-C6A447E8A84F}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chessmaster 10th Edition (HKLM-x32\...\InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft)
Chessmaster 10th Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.21 - Cypress Semiconductor, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Easy Poster Printer (HKLM-x32\...\{1B5979B5-FE79-405A-A023-592DCE48C522}) (Version: 6.0.0 - GD Software)
f.lux (HKU\S-1-5-21-1867853704-4276267928-437079347-1001\...\Flux) (Version: - )
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\{DBA7719B-28D4-30D9-98DE-E689280E4D7E}) (Version: 66.88.49277 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gpg4win (2.2.3) (HKLM-x32\...\GPG4Win) (Version: 2.2.3 - The Gpg4win Project)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 3.3.0728 - KYOCERA Document Solutions Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF Experte 9 Ultimate (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.00.0.0 - Avanquest Software)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.21 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
RoboForm 7-9-0-0 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-0-0 - Siber Systems)
Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SRWare Iron (64-Bit) Version SRWare Iron 41.2200.0 (HKLM\...\{BA85A29D-B48E-4826-BAEE-817024E52E29}_is1) (Version: SRWare Iron 41.2200.0 - SRWare)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42650 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1867853704-4276267928-437079347-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
17-09-2015 00:27:18 Windows Update
17-09-2015 15:24:47 Installed Microsoft Fix it 50123
17-09-2015 16:33:34 Installed Microsoft Fix it 50123
17-09-2015 16:38:30 Windows Update
21-09-2015 22:14:47 JRT Pre-Junkware Removal
21-09-2015 22:44:15 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2013-06-25 12:17 - 00000845 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1061D06F-F594-455A-8F9C-A63E723942AE} - System32\Tasks\{132C5505-87E7-49F2-8C0F-EAA891EACED3} => C:\Program Files (x86)\Return to Castle Wolfenstein\WolfSP.exe
Task: {1EE82063-7B9C-412A-A321-7EDAE067BA93} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {23508C4D-99DB-4AA5-BD21-C82571B395BD} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {289C8285-7CAF-47EE-8E6C-3529B21D89C8} - System32\Tasks\{9777D154-CCD4-427E-8338-7E9ED9B8749C} => pcalua.exe -a C:\Users\Stephan\Downloads\KYOCERA_KX_UPD_V5_0_x86_EN.exe -d C:\Users\Stephan\Downloads
Task: {324EC08C-B234-41EA-9AE1-CF5A888E871F} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {33656222-CEC1-4AF4-A125-9D7AFA600C48} - System32\Tasks\Opera scheduled Autoupdate 1391467507 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {3A43AB77-2C06-46A6-A921-1175BFAB7046} - System32\Tasks\{E123EBEA-19C6-4CEC-856A-6ACF1F801630} => pcalua.exe -a "C:\Program Files (x86)\o2\Mobile Connection Manager\Uninstall.exe" -d "C:\Program Files (x86)\o2\Mobile Connection Manager"
Task: {3AF58263-48CC-483D-A7D8-B2C9FD8DA8A8} - System32\Tasks\{6E326DFE-4949-490F-A089-8C9F6B133950} => pcalua.exe -a E:\setup.exe -d E:\ -c AUTORUN=1
Task: {454E2CA1-F66F-4C51-9DE1-62B3B1B43613} - System32\Tasks\{4333F8FA-2E82-4548-BE88-B76637435A01} => D:\setup.exe
Task: {45B0EAE7-BDAD-4F78-8B40-4821E18E71C4} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {46708DFF-46DB-45C4-9F3C-25C6C3093467} - System32\Tasks\{A5AF21A1-5280-422E-807B-009C8B1F45E9} => C:\Program Files (x86)\Return to Castle Wolfenstein\WolfSP.exe
Task: {47F09768-5DD0-4AE6-B9BC-0685AD04B229} - System32\Tasks\{08DBAA47-1CEA-4841-B720-7F6A1E4EE04E} => pcalua.exe -a C:\Users\Stephan\Downloads\QpilotClient-UniMR-setup.exe -d C:\Users\Stephan\Downloads
Task: {48F4C830-D0AE-4077-8162-B3B18FA80D20} - System32\Tasks\{79C18693-C209-4FD7-8BB9-CB8D02DE9238} => C:\Users\Stephan\Desktop\Programm CVD.EXE
Task: {56DFD1A2-1FE4-41FA-9270-C67EC80C20F7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJOJGMNMNJHMMJJJCNIMMJIMKJCNLMJJJMIMCNNJKJGMJJCNLMJJHMLMMJHMJJLMJJPMKJLJJNJICMIMCNGMCNPMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMOMGMJNHICMEKMICNJJCKJNBJCMMKLIKJPIHJOJBJJNKJCMJNNICMJNDJCMLJKJ"
Task: {58711CEC-0A2B-43E3-A5A0-980FFB06F51C} - System32\Tasks\{B74F3038-8B82-4997-B62D-0D1CE32306F4} => D:\setup.exe
Task: {5EE5583B-4CC2-4DE1-BCAD-24C38FF9F5C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6E6C8A53-6645-4737-84A1-CBEB8C05905E} - System32\Tasks\{F16A5E8D-EE35-46C5-B457-C350D72F16A1} => pcalua.exe -a C:\Users\Stephan\Desktop\setup.exe -d C:\Users\Stephan\Desktop
Task: {75760496-4625-4CBA-8CC6-D02D23145CBC} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {76441F93-20DC-466D-826D-C4F7433D7DEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A3F74BBD-D9CC-451A-B391-CC35BAEAFA43} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-07-22] (Siber Systems)
Task: {A5825DE3-C57B-4910-9188-D82CBDB07D3A} - System32\Tasks\{B0251714-6043-45CB-BCA7-678ACF38F103} => c:\program files (x86)\opera\launcher.exe [2015-06-19] (Opera Software)
Task: {A678108B-4F07-409A-88D9-07C4C1C5D6AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {ACD4D19F-BE20-4DE4-BEFE-498C2F22D906} - System32\Tasks\{E01BAE6C-0AAD-4031-89E3-129388071491} => pcalua.exe -a C:\Users\Stephan\Downloads\DeepBurner19.exe -d C:\Users\Stephan\Downloads
Task: {B05E48C1-74BB-4EC2-8D81-84AC50FD3EAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C65CFF47-C4C2-4150-AB17-DB2BAD0ED263} - System32\Tasks\{93921FF7-FCA8-43F1-812A-7CADAF442869} => pcalua.exe -a C:\Users\Stephan\Downloads\QpilotClient-UniMR-setup(1).exe -d C:\Users\Stephan\Downloads
Task: {ECA09D57-DE92-49CD-80AC-8CADC091B145} - \YourFile DownloaderUpdate -> Keine Datei <==== ACHTUNG
Task: {EFD08C45-336E-4712-A6FE-4598C36937D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {F0EFFF33-7EC9-4107-8679-5781EF4EC43F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {F2BA9648-2CD4-4B72-9F71-6634D68C147E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-11-25 21:25 - 2014-11-25 21:25 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2012-01-12 12:23 - 2012-01-12 12:23 - 00018432 _____ () C:\Users\Stephan\AppData\LocalLow\WOT\IE\WOTUpdater.exe
2014-07-07 22:33 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-02 11:58 - 2011-07-20 15:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-11-25 21:11 - 2014-11-25 21:11 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-11-25 21:05 - 2014-11-25 21:05 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-11-25 20:57 - 2014-11-25 20:57 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-11-25 21:10 - 2014-11-25 21:10 - 00070144 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-11-25 21:13 - 2014-11-25 21:13 - 00742912 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1867853704-4276267928-437079347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephan\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Stephan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1431942838
MSCONFIG\startupreg: Akamai NetSession Interface => REM "C:\Users\Stephan\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\Stephan\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CyCpIo => C:\Program Files\Cypress\TrackPad\CyCpIo.exe
MSCONFIG\startupreg: CyHidWin => C:\Program Files\Cypress\TrackPad\CyHidWin.exe
MSCONFIG\startupreg: DAEMON Tools Lite => REM "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell Registration => REM C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: f.lux => "C:\Users\Stephan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RoboForm => REM "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Stephan\AppData\Roaming\Spotify\Spotify.exe" -autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Stephan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: Steam => REM "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vspdfprsrv.exe => C:\Program Files (x86)\Avanquest\PDF Experte 9 Ultimate\vspdfprsrv.exe --background
MSCONFIG\startupreg: WinampAgent => REM "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{6E634757-F452-4EAD-8CBB-4F4B66C7E9D6}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{78555DFF-F72A-4D44-A08A-918715A30859}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{B8F58065-59B0-4D26-A7CF-EE2038EB2A08}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{F4AEEB8D-D4EE-48A6-A819-D2B31272708D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/22/2015 11:04:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:04:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:04:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:04:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:04:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:04:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:03:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 11:03:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert
Error: (09/22/2015 10:55:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
bei System.Xml.XmlTextReaderImpl.Read()
bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
bei System.Xml.XmlDocument.Load(System.String)
bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
bei Avira.OE.WinCore.OeProductInfo.get_Culture()
bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/22/2015 10:54:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
bei System.Xml.XmlTextReaderImpl.Read()
bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
bei System.Xml.XmlDocument.Load(System.String)
bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
bei Avira.OE.WinCore.OeProductInfo.get_Culture()
bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Systemfehler:
=============
Error: (09/22/2015 10:55:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (09/22/2015 10:54:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/22/2015 10:54:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/22/2015 10:53:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet:
%%5
Error: (09/22/2015 01:57:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%5
Error: (09/21/2015 11:09:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (09/21/2015 11:09:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/21/2015 11:09:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 3990.17 MB
Verfügbarer physikalischer RAM: 2678.31 MB
Summe virtueller Speicher: 7978.53 MB
Verfügbarer virtueller Speicher: 6041.77 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:87.15 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
durchgeführt von Stephan (Administrator) auf STEPHAN-PC (22-09-2015 11:15:53)
Gestartet von C:\Users\Stephan\Downloads
Geladene Profile: UpdatusUser & Stephan (Verfügbare Profile: UpdatusUser & Stephan & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Users\Stephan\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1867853704-4276267928-437079347-1001\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Keine Datei
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{177B8BEB-DBAA-47D6-8C61-F7616DCD5895}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{601FA99B-3204-45FF-A447-85CFFDE57623}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {41E992AA-6FBC-4095-840F-49D418443471} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {41E992AA-6FBC-4095-840F-49D418443471} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {41E992AA-6FBC-4095-840F-49D418443471} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1867853704-4276267928-437079347-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1867853704-4276267928-437079347-1001 -> {41E992AA-6FBC-4095-840F-49D418443471} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-07-22] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-07-22] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-07-22] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-07-22] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1867853704-4276267928-437079347-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-07-22] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF NetworkProxy: "share_proxy_settings", true
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-30] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-30] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei]
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1867853704-4276267928-437079347-1001: @hola.org/vlc,version=1.8.649 -> C:\Users\Stephan\AppData\Local\Hola\firefox\app\vlc Keine Datei
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Bing Search - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\bingsearch.full@microsoft.com [2015-07-10]
FF Extension: Print pages to PDF - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
FF Extension: WOT - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\wotstats@mywot.com [2015-04-26]
FF Extension: EPUBReader - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
FF Extension: Grooveshark Unlocker - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-03-14]
FF Extension: Download Manager (S3) - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\s3download@statusbar.xpi [2015-04-26]
FF Extension: NoScript - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-21]
FF Extension: BugMeNot Plugin - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-06-28]
FF Extension: DownThemAll! - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-14]
FF Extension: Adblock Edge - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\59d7t28u.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-12-15]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (YouTube) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (uBlock) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-02-10]
CHR Extension: (Google Search) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]
CHR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome [2012-12-15]
CHR HKU\S-1-5-21-1867853704-4276267928-437079347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Stephan\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-30] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Stephan\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [117248 2011-10-22] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-10-19] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-10-22] (Cypress Semiconductor, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-28] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [Datei ist nicht signiert]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-02-02] (Wondershare)
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-22 11:15 - 2015-09-22 11:16 - 00025017 _____ C:\Users\Stephan\Downloads\FRST.txt
2015-09-22 11:05 - 2015-09-22 11:05 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-09-22 10:53 - 2015-09-22 10:53 - 00000022 _____ C:\Windows\S.dirmngr
2015-09-22 00:26 - 2015-09-22 00:32 - 163663872 _____ C:\Users\Stephan\Downloads\precise-5.7.1.iso
2015-09-21 23:08 - 2015-09-21 23:08 - 609027426 _____ C:\Windows\MEMORY.DMP
2015-09-21 23:08 - 2015-09-21 23:08 - 00262144 _____ C:\Windows\Minidump\092115-32697-01.dmp
2015-09-21 22:45 - 2015-09-21 22:45 - 00380416 _____ C:\Users\Stephan\Downloads\Gmer-19357.exe
2015-09-21 22:44 - 2015-09-21 22:44 - 00000000 ____D C:\Windows\CheckSur
2015-09-21 22:37 - 2015-09-21 22:37 - 00050477 _____ C:\Users\Stephan\Downloads\Defogger.exe
2015-09-21 22:37 - 2015-09-21 22:37 - 00000000 _____ C:\Users\Stephan\defogger_reenable
2015-09-21 22:30 - 2015-09-22 11:15 - 00000000 ____D C:\FRST
2015-09-21 22:26 - 2015-09-21 22:27 - 02191360 _____ (Farbar) C:\Users\Stephan\Downloads\FRST64.exe
2015-09-21 21:02 - 2015-09-21 21:08 - 00000000 ____D C:\AdwCleaner
2015-09-21 20:54 - 2015-09-21 20:54 - 01798976 _____ (Malwarebytes) C:\Users\Stephan\Downloads\JRT.exe
2015-09-21 20:54 - 2015-09-21 20:54 - 01662976 _____ C:\Users\Stephan\Downloads\AdwCleaner_5.008.exe
2015-09-21 20:17 - 2015-09-21 20:19 - 18411033 _____ C:\Users\Stephan\Downloads\ResumeCV-Elliot.zip
2015-09-21 20:14 - 2015-09-21 20:14 - 00302011 _____ C:\Users\Stephan\Downloads\WindowsUpdateDiagnostic.diagcab
2015-09-21 20:12 - 2015-09-21 20:49 - 564744309 _____ C:\Users\Stephan\Downloads\Windows6.1-KB947821-v34-x64.msu
2015-09-21 20:12 - 2015-09-21 20:15 - 47346280 _____ (Microsoft Corporation) C:\Users\Stephan\Downloads\Windows-KB890830-x64-V5.28.exe
2015-09-18 15:38 - 2015-09-18 15:38 - 00000902 _____ C:\Windows\wsusofflineupdate.log
2015-09-18 13:02 - 2015-09-18 15:01 - 1552095232 _____ C:\Users\Stephan\Downloads\zorin-os-10-core-64.iso
2015-09-17 16:40 - 2015-09-17 16:40 - 00000286 _____ C:\Windows\PFRO.log
2015-09-17 16:39 - 2015-09-17 16:39 - 00000000 ____D C:\e8d2671f46ba6c54bd
2015-09-17 15:29 - 2015-09-17 15:30 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2015-09-17 15:13 - 2015-09-17 15:13 - 00141560 _____ C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-16 22:11 - 2015-09-22 10:53 - 00002029 _____ C:\Windows\setupact.log
2015-09-16 22:11 - 2015-09-16 22:11 - 00000000 _____ C:\Windows\setuperr.log
2015-09-16 22:10 - 2015-09-16 22:11 - 00553552 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-16 15:10 - 2015-09-16 15:10 - 00170000 _____ C:\Users\Stephan\Documents\cc_20150916_151018.reg
2015-09-15 13:52 - 2015-09-15 13:52 - 00000000 ____D C:\Users\Stephan\Downloads\spacesniffer_1_2_0_2
2015-09-14 03:31 - 2015-09-14 03:32 - 11041080 _____ (IDRIX) C:\Users\Stephan\Downloads\VeraCrypt Setup 1.13.exe
2015-09-10 20:20 - 2015-09-10 20:20 - 00000903 _____ C:\Users\Stephan\Documents\theman6101@gmail.com (0x3F4E3E6F) rev.asc
2015-09-02 16:03 - 2015-09-14 14:27 - 00002357 _____ C:\Users\Stephan\Documents\Clean.wallet
2015-09-02 16:03 - 2015-09-14 14:27 - 00000505 _____ C:\Users\Stephan\Documents\Clean.info
2015-09-02 16:03 - 2015-09-02 16:03 - 00000000 ____D C:\Users\Stephan\Documents\Clean-data
2015-08-31 00:54 - 2015-09-03 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-30 23:37 - 2015-08-30 23:37 - 00000000 ____D C:\Users\Stephan\AppData\Local\CEF
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-22 11:07 - 2013-02-17 17:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-22 11:07 - 2012-10-27 15:42 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-09-22 11:05 - 2012-10-27 15:42 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-09-22 11:02 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-22 11:02 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-22 10:57 - 2011-12-02 10:35 - 01907826 _____ C:\Windows\WindowsUpdate.log
2015-09-22 10:54 - 2013-02-17 17:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-22 10:53 - 2011-12-02 10:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-22 10:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-22 01:38 - 2013-06-10 17:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-21 23:53 - 2012-12-13 16:37 - 00000000 ____D C:\Users\Stephan\Desktop\Misc
2015-09-21 23:08 - 2015-05-18 12:29 - 00000000 ____D C:\Windows\Minidump
2015-09-21 22:37 - 2012-10-27 15:40 - 00000000 ____D C:\Users\Stephan
2015-09-21 20:40 - 2013-06-10 17:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 20:40 - 2013-06-10 17:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 20:40 - 2013-06-10 17:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 02:21 - 2013-10-02 13:02 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\vlc
2015-09-18 15:39 - 2013-03-24 12:18 - 00000000 ____D C:\Users\Stephan\Downloads\pics
2015-09-18 12:35 - 2014-07-07 22:03 - 00007621 _____ C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg
2015-09-17 20:59 - 2013-04-11 10:26 - 00000000 ____D C:\Users\Stephan\Desktop\VK
2015-09-17 18:30 - 2014-12-30 18:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-17 16:05 - 2010-11-21 08:50 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-09-17 16:05 - 2010-11-21 08:50 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-09-17 16:05 - 2009-07-14 07:13 - 00904370 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-17 15:19 - 2012-12-18 13:19 - 00000000 ____D C:\Users\Stephan\AppData\Local\Adobe
2015-09-16 14:54 - 2015-04-21 17:25 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-16 14:54 - 2013-04-16 11:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-16 14:43 - 2013-04-16 11:44 - 00000000 ____D C:\ProgramData\Apple
2015-09-15 18:54 - 2013-01-13 23:48 - 00000000 ____D C:\Users\Stephan\Desktop\Spiele
2015-09-15 14:05 - 2012-12-15 18:33 - 00000000 ____D C:\Users\Stephan\dwhelper
2015-09-15 14:02 - 2013-02-17 17:37 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 14:02 - 2013-02-17 17:37 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 13:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\catroot2.old
2015-09-14 14:27 - 2015-06-01 01:40 - 00001576 _____ C:\Users\Stephan\Documents\zweites wallte.wallet
2015-09-14 14:27 - 2015-06-01 01:40 - 00000547 _____ C:\Users\Stephan\Documents\zweites wallte.info
2015-09-14 14:27 - 2015-05-14 13:30 - 00000577 _____ C:\Users\Stephan\Documents\multibit.info
2015-09-14 14:27 - 2015-05-14 13:29 - 00004111 _____ C:\Users\Stephan\Documents\multibit.wallet
2015-09-11 02:53 - 2012-10-28 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-10 20:19 - 2015-04-27 22:30 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\gnupg
2015-09-10 20:12 - 2015-06-16 19:48 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-09-10 20:12 - 2015-06-16 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-09-10 11:53 - 2013-03-24 12:23 - 00000000 ____D C:\Users\Stephan\Desktop\Bücher
2015-09-06 20:50 - 2013-06-16 19:52 - 00006656 _____ C:\Users\Stephan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-02 13:57 - 2013-02-28 22:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-01 01:19 - 2015-01-18 20:56 - 00000000 ____D C:\Users\Stephan\Desktop\Zeitschriften
2015-08-31 16:22 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2015-08-31 16:21 - 2013-07-31 00:13 - 00000000 ____D C:\Windows\system32\MRT
2015-08-31 13:28 - 2013-10-04 13:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-31 13:28 - 2013-10-04 13:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-31 01:38 - 2013-10-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-30 20:31 - 2014-11-28 16:46 - 00000000 ____D C:\Users\Stephan\Desktop\Tor Browser
2015-08-30 18:27 - 2012-11-18 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-30 12:08 - 2013-02-17 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-26 18:37 - 2012-11-18 16:43 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-10-31 11:38 - 2014-10-31 11:38 - 0000037 ___SH () C:\Users\Stephan\AppData\Local\69ff07055291669bb2b218.72821112
2013-06-16 19:52 - 2015-09-06 20:50 - 0006656 _____ () C:\Users\Stephan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-20 01:09 - 2015-04-20 01:09 - 0001523 _____ () C:\Users\Stephan\AppData\Local\PDLSetup.20150420.010948.txt
2015-05-14 14:01 - 2015-05-14 14:01 - 0001251 _____ () C:\Users\Stephan\AppData\Local\recently-used.xbel
2014-07-07 22:03 - 2015-09-18 12:35 - 0007621 _____ () C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg
2015-05-20 13:49 - 2015-05-20 13:49 - 0000000 _____ () C:\Users\Stephan\AppData\Local\{F4965B60-1D99-4818-9266-98147F102379}
Einige Dateien in TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Stephan\AppData\Local\Temp\avgnt.exe
C:\Users\Stephan\AppData\Local\Temp\sqlite3.dll
C:\Users\Stephan\AppData\Local\Temp\WindowsUpdateAgent30-x64.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-21 00:05
==================== Ende von FRST.txt ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-22 12:03:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Stephan\AppData\Local\Temp\kwdirfoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7677b1ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7677b31a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 767f8f09 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 76754885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 767f8802 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 767f89d8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 767f86f8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 767f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7676fc78 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760d1555 2 bytes JMP 767768bf C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 767f8fc1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 767f8b22 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 767f86bc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7676fd11 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7677b2b0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 767f8e84 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2224] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 767f8651 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076cfde50 16 bytes [50, 48, B8, 30, 33, 2F, FA, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076cfdca0 16 bytes [50, 48, B8, 10, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076cfde10 16 bytes [50, 48, B8, 40, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076cfde30 48 bytes [50, 48, B8, 90, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076cfde70 16 bytes [50, 48, B8, 40, 5B, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076cfdec0 32 bytes [50, 48, B8, 70, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076cfdf00 16 bytes [50, 48, B8, 00, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076cfdfa0 16 bytes [50, 48, B8, A0, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076cfe120 16 bytes [50, 48, B8, A0, 57, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076cfeb90 16 bytes [50, 48, B8, C0, 59, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076cfebe0 16 bytes [50, 48, B8, 10, 5A, A6, 3F, ...]
.text C:\Program Files\SRWare Iron (64-Bit)\chrome.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076cfed30 16 bytes [50, 48, B8, C0, 5A, A6, 3F, ...]
---- Processes - GMER 2.1 ----
Process C:\Users\Stephan\AppData\LocalLow\WOT\IE\WOTUpdater.exe (*** suspicious ***) @ C:\Users\Stephan\AppData\LocalLow\WOT\IE\WOTUpdater.exe [2432](2012-01-12 10:23:20) 0000000000380000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e7b027c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e7b027c@c8844700f6bd 0xB5 0x5D 0x84 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e7b027c@000c8af2a817 0x46 0x4A 0x7D 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e7b027c@a0e9db186cbc 0xD7 0xF1 0x9A 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e7b027c@00126f7d94b0 0x63 0x2D 0x40 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 23493
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e7b027c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e7b027c@c8844700f6bd 0xB5 0x5D 0x84 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e7b027c@000c8af2a817 0x46 0x4A 0x7D 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e7b027c@a0e9db186cbc 0xD7 0xF1 0x9A 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e7b027c@00126f7d94b0 0x63 0x2D 0x40 0x4C ...
---- EOF - GMER 2.1 ----