| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.08.2014, 20:11
| #1 |
| |  W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B) KAVROS Rendsburg Hallo freundliches und hilfsbereites Team von „ TROJANER BOARD.de „ , ich habe ein Problem. Ich habe im Mai 2014 eine Mail geöffnet( GMX), die eine ZIP-Datei im Anhang hatte. Mein Schutz meldete mir dann (G-DATA-CB-Ausgabe) dann nach einiger Zeit einen Trojaner (nach Leerlaufscan von G-DATA = 2x), leider habe ich den Fehler begangen und diese beiden Anzeigen aus dem Verlauf gelöscht. Probleme habe ich jetzt beim versenden von E-Mails mit Bildanhang, sowie eine Bildbestellung ist nicht möglich, da das Zeitfenster überschritten worden ist.Die E-Mail ist noch im Postfach (GMX). Können Sie mir behilflich sein? Mit freundlichem Gruß Anbei die Daten der Virenprüfung durch GDATA Kavros hansfried.mueller@freenet.de Virenprüfung mit G Data InternetSecurity CBE Version 25.0.1.2 (20.03.2014) Virensignaturen vom 29.05.2014 Startzeit: 29.05.2014 20:38:54 Engine(s): Engine A (AVA 24.2354), Engine B (GD 25.3336) Heuristik: Ein Archive: Ein Systembereiche: Ein RootKits prüfen: Ein Prüfung der Systembereiche... Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart... Prüfung auf RootKits... Prüfung aller lokalen Festplatten... Analyse vollständig durchgeführt: 29.05.2014 21:49:03 252657 Dateien überprüft 2 infizierte Dateien gefunden 0 verdächtige Dateien gefunden +Archiv: $RZDK2GZ.zip Pfad: C:\$Recycle.Bin\S-1-5-21-2622078942-607086881-82134762-1001 Status: Virus gefunden Virus: Trojan.GenericKD.1673711 (Engine A)[/COLOR][/U] Objekt: SetStretch.exe Pfad: C:\ProgramData Status: Datei in Quarantäne verschoben Virus: Win32.Trojan.Pirpi.A (Engine B) –Der Zugriff auf die folgenden Dateien wurde verweigert: ________________________________________ C:\WINDOWS\Resources\Themes\aero\VSCache\Aero.msstyles_1031_96.mss C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-WorkFolders-WHC.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System (1).etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTRAC_PS.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTWFP-IPsec Diagnostics.etl C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat{3903ab39-9a6a-11e3-be7e-bcee7bbf7cf7}.TM.blf C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat{3903ab39-9a6a-11e3-be7e-bcee7bbf7cf7}.TMContainer00000000000000000001.regtrans-ms C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat{3903ab39-9a6a-11e3-be7e-bcee7bbf7cf7}.TMContainer00000000000000000002.regtrans-ms C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\419310399bc4b13083629073a10a1633_d691a49e-6c69-4cb4-8d79-7ace2a2f2653 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\516045738f0becbfaeadc41ce8becbc4_d691a49e-6c69-4cb4-8d79-7ace2a2f2653 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\78ed4dba83c8e34e3af653f1889d5734_d691a49e-6c69-4cb4-8d79-7ace2a2f2653 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\79232c9cd7682b15b59a8692f11d63cb_d691a49e-6c69-4cb4-8d79-7ace2a2f2653 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8305e7ffcb967d865fc08708ba53b08f_d691a49e-6c69-4cb4-8d79-7ace2a2f2653 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b1293bc3f627cdf5d84c50ba393427fa_d691a49e-6c69-4cb4-8d79-7ace2a2f2653 C:\ProgramData\Microsoft\Windows\LocationProvider\edb.chk C:\ProgramData\Microsoft\Windows\LocationProvider\edb.log C:\ProgramData\Microsoft\Windows\LocationProvider\edb00065.log C:\ProgramData\Microsoft\Windows\LocationProvider\edb00064.log C:\ProgramData\Microsoft\Windows\LocationProvider\edb00066.log C:\ProgramData\Microsoft\Windows\LocationProvider\edb00067.log C:\ProgramData\Microsoft\Windows\LocationProvider\edb00069.log C:\ProgramData\Microsoft\Windows\LocationProvider\edb00068.log C:\ProgramData\Microsoft\Windows\LocationProvider\edbres00001.jrs C:\ProgramData\Microsoft\Windows\LocationProvider\edbtmp.log C:\ProgramData\Microsoft\Windows\LocationProvider\edbres00002.jrs C:\ProgramData\Microsoft\Windows\LocationProvider\LocationCache.dat C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2622078942-607086881-82134762-1001\NoAccess\LockScreenNotificationBadgeImages\276b92b1543a3b2d_844424930263298_100.png C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2622078942-607086881-82134762-1001\NoAccess\LockScreenNotificationBadgeImages\66b946c27e205b38_4785096708083730_100.png C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2622078942-607086881-82134762-1001\NoAccess\LockScreenNotificationBadgeImages\cf558dc5acda18b6_4785096708083730_100.png C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-0.bin C:\System Volume Information\LightningSand.CFD C:\System Volume Information\EfaData\SYMEFA.DB D:\System Volume Information\IndexerVolumeGuid D:\System Volume Information\LightningSand.CFD D:\System Volume Information\EfaData\SYMEFA.DB |
|
19.08.2014, 20:26
| #2 |
| /// the machine /// TB-Ausbilder    | W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B) hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.08.2014, 18:43
| #3 |
| | W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B)FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Hans Friedrich (administrator) on HOME on 20-08-2014 19:22:13
Running from C:\Users\Hans Friedrich\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
() C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.2922.2139_x64__8wekyb3d8bbwe\Map.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EPSON Stylus DX3800] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S5FAA.tmp" /EF "HKLM"
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S494C.tmp" /EF "HKLM"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [CloneCDElbyCDFL] => C:\Program Files (x86)\Elaborate Bytes\CloneCD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCDTray.exe [73728 2002-12-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2622078942-607086881-82134762-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-2622078942-607086881-82134762-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\Users\Hans Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Hans Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Hans Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\ls0c6rtc.default
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Hans Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\ls0c6rtc.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Hans Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\ls0c6rtc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Hans Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\ls0c6rtc.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Hans Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\ls0c6rtc.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Hans Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\ls0c6rtc.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
S3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [15360 2002-11-28] (Elaborate Bytes AG) [File not signed]
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-29] (Elaborate Bytes AG) [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-29] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [135168 2014-05-29] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [71168 2014-05-29] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [67584 2014-05-29] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2014-05-29] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [65024 2014-05-29] (G Data Software AG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-20 19:22 - 2014-08-20 19:23 - 00019824 _____ () C:\Users\Hans Friedrich\Downloads\FRST.txt
2014-08-20 19:19 - 2014-08-20 19:22 - 00000000 ____D () C:\FRST
2014-08-20 19:17 - 2014-08-20 19:17 - 02101760 _____ (Farbar) C:\Users\Hans Friedrich\Downloads\FRST64.exe
2014-08-18 17:17 - 2014-08-02 02:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-18 17:17 - 2014-08-02 02:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 13:56 - 2014-08-17 13:56 - 00008991 _____ () C:\Users\Hans Friedrich\Documents\G Data Protokoll ID 5.html
2014-08-15 16:34 - 2014-08-15 16:41 - 177510134 _____ () C:\Users\Hans Friedrich\Downloads\Windows8.1-KB2975719-x64.msu
2014-08-14 20:31 - 2014-08-14 20:31 - 01785747 _____ () C:\Users\Hans Friedrich\Downloads\Windows8.1-KB2990532-x64.msu
2014-08-14 18:58 - 2014-08-14 19:07 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\2013-Ermioni
2014-08-14 18:57 - 2014-08-14 19:08 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Video WA 14.08.2014
2014-08-14 18:54 - 2014-08-14 18:54 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\S2-14.08.2014
2014-08-13 19:30 - 2014-08-13 20:37 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Roaming\Nico Mak Computing
2014-08-13 19:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 19:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 19:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 19:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 19:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 19:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 19:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 19:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 19:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 19:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 19:27 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 19:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 19:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 19:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 19:27 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 19:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 19:27 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 19:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 19:27 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 19:27 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 19:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 19:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 19:27 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 19:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 19:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 19:27 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 19:27 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 19:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 19:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 19:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 19:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 19:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 19:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 19:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 19:27 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 19:26 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 19:26 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 19:26 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 19:26 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 19:26 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 19:26 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 19:25 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 19:25 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 19:25 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 19:25 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 19:25 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 19:25 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 19:25 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 19:24 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 19:24 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 19:24 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 19:24 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 19:24 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 19:24 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 19:24 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 19:24 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 19:24 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 19:24 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 19:24 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 19:24 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 19:24 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 19:24 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 19:24 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 19:24 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 19:24 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 19:24 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 19:24 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 19:24 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 19:24 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 19:24 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 19:24 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 19:24 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 19:24 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 19:24 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 19:24 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 19:24 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 19:24 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 19:24 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 19:24 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 19:24 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 19:24 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 19:24 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 19:24 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 19:24 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 19:24 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 19:24 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 19:24 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 19:24 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 19:24 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 19:24 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 19:24 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 19:24 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 19:24 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 19:24 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 19:23 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 19:23 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-13 19:23 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-13 19:23 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-13 19:23 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 19:23 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 19:23 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 19:23 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 19:23 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 19:23 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 19:23 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 19:23 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 19:23 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 19:23 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 19:23 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 19:23 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-13 19:23 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 19:23 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 19:23 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 19:23 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 19:23 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 19:23 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 19:23 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 19:23 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 19:23 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 19:23 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 19:23 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 19:23 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 19:23 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 19:23 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 19:23 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 19:23 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 19:23 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-09 19:16 - 2014-08-09 19:21 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-08-09 19:15 - 2014-08-09 19:15 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-08-08 11:32 - 2014-08-08 11:32 - 00000162 ____H () C:\Users\Hans Friedrich\Downloads\~$ue_Kreditkartenabrechnung_online_abrufbar.eml
2014-08-08 11:29 - 2014-08-08 11:29 - 00178619 _____ () C:\Users\Hans Friedrich\Downloads\Anhänge_20140808.zip
2014-08-02 21:33 - 2014-08-02 21:33 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\20140222 - 90. Geburtstag Willi
2014-08-02 21:23 - 2014-08-04 17:27 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Bilder für Willi
2014-08-02 21:18 - 2014-08-09 19:25 - 00121856 ___SH () C:\Users\Hans Friedrich\Documents\Thumbs.db
2014-08-01 11:55 - 2014-08-01 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 17:09 - 2014-07-29 17:09 - 05337536 _____ () C:\Users\Hans Friedrich\Downloads\Anhänge_20140729 von Peter Büchert.zip
2014-07-24 17:37 - 2014-08-05 12:12 - 00037067 _____ () C:\Users\Hans Friedrich\Documents\Postfach lädt nicht vollständig - freenetMail-Hilfe.htm
2014-07-24 17:37 - 2014-07-24 17:37 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Postfach lädt nicht vollständig - freenetMail-Hilfe-Dateien
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-20 19:23 - 2014-08-20 19:22 - 00019824 _____ () C:\Users\Hans Friedrich\Downloads\FRST.txt
2014-08-20 19:22 - 2014-08-20 19:19 - 00000000 ____D () C:\FRST
2014-08-20 19:18 - 2014-02-07 20:58 - 01973933 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-20 19:17 - 2014-08-20 19:17 - 02101760 _____ (Farbar) C:\Users\Hans Friedrich\Downloads\FRST64.exe
2014-08-20 19:07 - 2014-02-07 22:06 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-20 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-20 18:52 - 2014-03-11 17:49 - 00000000 ___DO () C:\Users\Hans Friedrich\SkyDrive
2014-08-20 18:52 - 2014-01-31 00:02 - 00000062 _____ () C:\Users\Hans Friedrich\AppData\Roaming\sp_data.sys
2014-08-20 15:51 - 2014-04-23 17:04 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-08-20 15:51 - 2014-04-23 17:04 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2014-08-20 15:51 - 2014-02-11 17:23 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6516ACE8-2BFC-4918-94FE-3E2D341A994D}
2014-08-20 15:50 - 2014-07-20 21:00 - 00000000 ___RD () C:\Users\Hans Friedrich\Dropbox
2014-08-20 15:50 - 2014-07-20 20:51 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Roaming\Dropbox
2014-08-19 20:24 - 2014-02-09 17:49 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Local\CrashDumps
2014-08-18 18:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-18 17:38 - 2014-01-31 00:09 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2622078942-607086881-82134762-1001
2014-08-18 17:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-18 17:16 - 2014-01-31 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-18 17:16 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-18 17:16 - 2013-08-22 16:44 - 00357528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-17 20:04 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-17 20:02 - 2014-07-13 19:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-17 20:02 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-17 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-17 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-17 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-17 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-17 13:56 - 2014-08-17 13:56 - 00008991 _____ () C:\Users\Hans Friedrich\Documents\G Data Protokoll ID 5.html
2014-08-17 13:49 - 2014-06-05 20:35 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Local\G DATA
2014-08-17 12:18 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-17 12:16 - 2014-02-04 19:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-17 12:12 - 2014-02-04 19:57 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-15 16:41 - 2014-08-15 16:34 - 177510134 _____ () C:\Users\Hans Friedrich\Downloads\Windows8.1-KB2975719-x64.msu
2014-08-14 20:31 - 2014-08-14 20:31 - 01785747 _____ () C:\Users\Hans Friedrich\Downloads\Windows8.1-KB2990532-x64.msu
2014-08-14 19:08 - 2014-08-14 18:57 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Video WA 14.08.2014
2014-08-14 19:07 - 2014-08-14 18:58 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\2013-Ermioni
2014-08-14 19:06 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-14 19:06 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-14 19:06 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-14 18:54 - 2014-08-14 18:54 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\S2-14.08.2014
2014-08-13 20:37 - 2014-08-13 19:30 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Roaming\Nico Mak Computing
2014-08-13 19:22 - 2014-07-10 17:41 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 19:22 - 2014-07-10 17:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 19:22 - 2014-07-05 17:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 19:22 - 2014-07-05 17:21 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 19:22 - 2014-04-12 15:12 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 19:22 - 2014-04-12 15:12 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 19:22 - 2014-04-12 15:12 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 19:22 - 2014-04-12 15:12 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 19:22 - 2014-04-12 15:12 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 19:22 - 2014-04-12 15:12 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 19:22 - 2014-04-12 15:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 19:22 - 2014-04-12 15:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 19:22 - 2014-04-12 15:12 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 19:22 - 2014-04-12 15:12 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 19:22 - 2014-04-11 21:34 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 19:22 - 2014-04-11 21:31 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 19:21 - 2013-11-14 09:26 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-13 19:17 - 2014-06-11 19:25 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-13 14:01 - 2014-07-20 21:00 - 00001094 _____ () C:\Users\Hans Friedrich\Desktop\Dropbox.lnk
2014-08-13 14:01 - 2014-07-20 20:55 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-12 16:56 - 2013-08-22 16:46 - 00317769 _____ () C:\WINDOWS\setupact.log
2014-08-12 16:44 - 2014-02-09 18:22 - 00019456 _____ () C:\Users\Hans Friedrich\Documents\Skatgesamtl.2014.Ergebnis-Schnitt.xls
2014-08-09 19:25 - 2014-08-02 21:18 - 00121856 ___SH () C:\Users\Hans Friedrich\Documents\Thumbs.db
2014-08-09 19:21 - 2014-08-09 19:16 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-08-09 19:15 - 2014-08-09 19:15 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-08-09 19:15 - 2014-04-16 18:54 - 00000000 ____D () C:\Users\Hans Friedrich\AppData\Roaming\Canon
2014-08-09 17:32 - 2014-01-31 18:30 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Kreis-Senior.u.Beiratsit 2014
2014-08-08 11:32 - 2014-08-08 11:32 - 00000162 ____H () C:\Users\Hans Friedrich\Downloads\~$ue_Kreditkartenabrechnung_online_abrufbar.eml
2014-08-08 11:29 - 2014-08-08 11:29 - 00178619 _____ () C:\Users\Hans Friedrich\Downloads\Anhänge_20140808.zip
2014-08-07 04:12 - 2014-08-13 19:23 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-13 19:23 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-07 00:38 - 2014-08-13 19:23 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-05 12:12 - 2014-07-24 17:37 - 00037067 _____ () C:\Users\Hans Friedrich\Documents\Postfach lädt nicht vollständig - freenetMail-Hilfe.htm
2014-08-04 17:27 - 2014-08-02 21:23 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Bilder für Willi
2014-08-02 21:33 - 2014-08-02 21:33 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\20140222 - 90. Geburtstag Willi
2014-08-02 07:44 - 2014-08-13 19:23 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 05:56 - 2014-08-13 19:23 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 05:11 - 2014-08-13 19:23 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 02:17 - 2014-08-18 17:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-08-18 17:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 11:55 - 2014-08-01 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 17:09 - 2014-07-29 17:09 - 05337536 _____ () C:\Users\Hans Friedrich\Downloads\Anhänge_20140729 von Peter Büchert.zip
2014-07-25 17:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-25 16:52 - 2014-08-13 19:27 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-13 19:27 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-13 19:27 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-13 19:27 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 19:27 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-13 19:27 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-13 19:27 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 19:27 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-13 19:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 19:27 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 19:27 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 19:27 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-13 19:27 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-13 19:27 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-13 19:27 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 19:27 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 19:27 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 19:27 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 19:27 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-13 19:27 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 19:27 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 19:27 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-13 19:27 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 19:27 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 19:27 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 19:27 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-13 19:27 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-13 19:27 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-13 19:27 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 19:27 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 19:27 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 19:27 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 19:27 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 19:27 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 19:27 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-24 17:37 - 2014-07-24 17:37 - 00000000 ____D () C:\Users\Hans Friedrich\Documents\Postfach lädt nicht vollständig - freenetMail-Hilfe-Dateien
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\Hans Friedrich\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hans Friedrich\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptr9dqg.dll
C:\Users\Hans Friedrich\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hans Friedrich\AppData\Local\Temp\PicasaCD.exe
C:\Users\Hans Friedrich\AppData\Local\Temp\uninstall.exe
C:\Users\Hans Friedrich\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-19 21:19
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Hans Friedrich at 2014-08-20 19:24:14
Running from C:\Users\Hans Friedrich\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4552 - ABBYY Software House)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version: - Elaborate Bytes)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutschland Digital 1.0.0 (HKLM-x32\...\Deutschland Digital_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
EPSON-Drucker-Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
G Data InternetSecurity CBE (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (10/31/2013 1.0.0.191) (HKLM\...\15591935E93BF0A0E42CA53B578EE5E630971E15) (Version: 10/31/2013 1.0.0.191 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2622078942-607086881-82134762-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans Friedrich\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-07-2014 16:28:48 Geplanter Prüfpunkt
04-08-2014 16:14:48 Geplanter Prüfpunkt
17-08-2014 10:01:48 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07309E79-DEB4-4DB5-9687-A09DE1DD800F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-17] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {127AEE6E-A063-47B0-A41B-197F759CADB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {1E40D656-C76E-4F6F-9A89-D213B5A0A31A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23F7A769-EDD1-499E-AB3C-74AEA299AA55} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe
Task: {260D258F-43B4-4BED-84A8-7AA541E988F1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4D34D8B1-3F52-414A-8DCB-338B69BF5C6E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {4EEE45F3-C147-4C41-BB45-3B9D1FEC5E61} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5FCE5749-2CC7-48E1-9F65-B0B3D58D6B9A} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7060BD85-85D1-40D7-BB69-E3749049985D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {7317B3A3-35AB-4F38-B328-5867CA75F845} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {877613AC-4575-4979-A51D-1AC289BDF473} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8EF5E5CC-47AA-46D8-904B-5B3F79C080E4} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {92122CCC-3F60-43B8-A1D9-D37CF50CC313} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {96201390-8A28-46C7-8894-85AA7CC14DF1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A583293A-F7C0-426A-A56C-AFE5F9867ECB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {ADC70525-59A7-4C08-BA29-F8DEF90D29E1} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-11-08] (AsusTek)
Task: {B231E8D3-B4DA-4A61-895C-F9212F853C1E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {BE5C23F6-3341-4675-A04C-80C2D03EC890} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E33B2EFC-E66B-4151-AD3A-13C280F9C1C5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EAB00EE5-7580-4E04-B0EC-58493F973C92} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2622078942-607086881-82134762-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {EF3FCD5E-DF08-4798-AC5B-F8E1D7D7EA7B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {F66C8687-CCF8-4435-BFF8-B62F4344F202} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-02-18 15:32 - 2014-02-18 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-02-18 15:38 - 2014-02-18 15:38 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-04-29 18:03 - 2013-04-29 18:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-29 19:02 - 2014-05-29 19:02 - 01849856 _____ () C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.2922.2139_x64__8wekyb3d8bbwe\Map.exe
2014-06-04 19:52 - 2014-06-04 19:52 - 07766016 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Map\3ca95742e2c5e8883f67b2f949e56ecb\Map.ni.exe
2014-05-11 14:15 - 2014-05-11 14:15 - 05185024 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\58afb3c922fe504503f07ade2e88ccfb\Windows.UI.Xaml.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\43b92b6dbc9eb61983817ea32346d510\Windows.ApplicationModel.ni.dll
2014-06-04 19:52 - 2014-06-04 19:52 - 01124352 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\DataTypes\fa486a70ed97d59941527d9a47aa2a1a\DataTypes.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 01495040 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Bing.Maps\0ae84f5d2d44afba35157d6396e4a277\Bing.Maps.ni.dll
2014-06-04 19:52 - 2014-06-04 19:52 - 00445440 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Utilities\d4e2aca8cd4c052f8ba49069ca70aaca\Utilities.ni.dll
2014-05-11 14:15 - 2014-05-11 14:15 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2014-05-11 14:15 - 2014-05-11 14:15 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\d1c5274ccd6fb2b4b5dbddd0f0ca6c6e\Windows.System.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 01092096 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.Bc95a2f00#\66d187ea5fef2024c3adc4e8960730f2\Microsoft.Bing.Platform.Logging.ClientWinRT.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\ba65f033632f4fc480cc45bc72bf25e4\Windows.Storage.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00616960 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Requests\ca03e68dd9b03edf8926f14b5ded96a4\Requests.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00086016 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\ConfigModels\b5ea1859fb928f72186b9c1305f0ed65\ConfigModels.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00212992 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\ConfigManager\acf641dddec500f05d6fad5242a56c3d\ConfigManager.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00066048 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Search\fa9b388d7847f1ad3e06b69246a7aeca\Search.ni.dll
2014-05-11 14:15 - 2014-05-11 14:15 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f6e236cd6041c81411f85852722670b\Windows.Networking.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\00ce12e0481a881d419350afd79395ef\Windows.Security.ni.dll
2014-04-18 18:36 - 2014-04-18 18:36 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\d07f690ce5d3a2de7c9089a6200d64db\Windows.Data.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00247808 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Authentication\6b2c72622abd25077a73502ba4c074e1\Authentication.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00193024 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Autosuggest\d782aec09331f963f01f3c46a936255f\Autosuggest.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00269312 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\MapClientGraph\16220c0e8221199aab5163f3af00787c\MapClientGraph.ni.dll
2014-06-04 19:53 - 2014-06-04 19:53 - 00496640 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.B2384b708#\db55843d9e2ec1f1bd517bec4fcfdb54\Microsoft.Bing.Client.Graph.ni.dll
2014-05-11 14:15 - 2014-05-11 14:15 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-05-29 19:02 - 2014-05-29 19:02 - 02364928 _____ () C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.2922.2139_x64__8wekyb3d8bbwe\Microsoft.Bing.Client.Graph.dll
2014-08-02 18:17 - 2014-08-02 18:17 - 00163840 _____ () C:\Users\Hans Friedrich\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\ActivationUrl\ac228f164c42fd238594ae59fc889c18\ActivationUrl.ni.dll
2013-12-04 04:09 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-08-01 11:55 - 2014-08-01 11:55 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Hans Friedrich\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Hans Friedrich\Downloads\R-13726794_Rechnung_Widerrufsbelehrung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Hans Friedrich\Downloads\~$ue_Kreditkartenabrechnung_online_abrufbar.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2014 08:24:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xccc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (08/19/2014 08:24:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 31.0.0.5310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d40
Startzeit: 01cfbbd849fd6f70
Endzeit: 24
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 0284a325-27ce-11e4-be8d-bcee7bbf7cf7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/18/2014 05:19:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (08/17/2014 01:56:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GDSC.exe, Version: 25.0.14079.241, Zeitstempel: 0x532a59ff
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.5510.0, Zeitstempel: 0x3f0e5c3f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052b04
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xGDSC.exe0
Pfad der fehlerhaften Anwendung: GDSC.exe1
Pfad des fehlerhaften Moduls: GDSC.exe2
Berichtskennung: GDSC.exe3
Vollständiger Name des fehlerhaften Pakets: GDSC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GDSC.exe5
Error: (08/17/2014 00:07:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b6c
Startzeit: 01cfba024c971b11
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Berichts-ID: 401b7c18-25f6-11e4-be8c-bcee7bbf7cf7
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftMinesweeper_2.3.1403.2417_x86__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (08/14/2014 08:33:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 31.0.0.5310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 21d8
Startzeit: 01cfb7e9c99a9656
Endzeit: 79
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 70f8fd1b-23e1-11e4-be8c-bcee7bbf7cf7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/14/2014 08:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1c6c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (08/14/2014 08:32:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 11.0.5604.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1628
Startzeit: 01cfb7ea54095bc3
Endzeit: 52
Anwendungspfad: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Berichts-ID: 5ea1ca80-23e1-11e4-be8c-bcee7bbf7cf7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/14/2014 11:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xb90
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (08/14/2014 11:02:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 31.0.0.5310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bc0
Startzeit: 01cfb79bdeb5ea39
Endzeit: 46
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: b3cad748-2391-11e4-be8c-bcee7bbf7cf7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
System errors:
=============
Error: (08/19/2014 09:49:19 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/19/2014 09:49:19 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/18/2014 08:20:55 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/18/2014 08:20:55 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/18/2014 08:20:55 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/18/2014 08:20:55 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/18/2014 06:38:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (08/18/2014 05:17:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ElbyCDIO Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (08/18/2014 05:17:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\ElbyCDIO.sys
Error: (08/18/2014 05:16:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\ElbyCDFL.sys
Microsoft Office Sessions:
=========================
Error: (08/19/2014 08:24:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bccc01cfbbd857eea42dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll09e08dcf-27ce-11e4-be8d-bcee7bbf7cf7
Error: (08/19/2014 08:24:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310d4001cfbbd849fd6f7024C:\Program Files (x86)\Mozilla Firefox\firefox.exe0284a325-27ce-11e4-be8d-bcee7bbf7cf7
Error: (08/18/2014 05:19:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (08/17/2014 01:56:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GDSC.exe25.0.14079.241532a59ffMSONSEXT.DLL11.0.5510.03f0e5c3fc000000500052b0475801cfba0ac880c93cC:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exeC:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL7a2a9ff4-2605-11e4-be8c-bcee7bbf7cf7
Error: (08/17/2014 00:07:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b6c01cfba024c971b114294967295C:\WINDOWS\syswow64\backgroundTaskHost.exe401b7c18-25f6-11e4-be8c-bcee7bbf7cf7Microsoft.MicrosoftMinesweeper_2.3.1403.2417_x86__8wekyb3d8bbweApp
Error: (08/14/2014 08:33:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.531021d801cfb7e9c99a965679C:\Program Files (x86)\Mozilla Firefox\firefox.exe70f8fd1b-23e1-11e4-be8c-bcee7bbf7cf7
Error: (08/14/2014 08:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1c6c01cfb7ed230fe1c2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll758f0e21-23e1-11e4-be8c-bcee7bbf7cf7
Error: (08/14/2014 08:32:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE11.0.5604.0162801cfb7ea54095bc352C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE5ea1ca80-23e1-11e4-be8c-bcee7bbf7cf7
Error: (08/14/2014 11:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bb9001cfb79cc9ad2eecC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllba6dd8fb-2391-11e4-be8c-bcee7bbf7cf7
Error: (08/14/2014 11:02:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310bc001cfb79bdeb5ea3946C:\Program Files (x86)\Mozilla Firefox\firefox.exeb3cad748-2391-11e4-be8c-bcee7bbf7cf7
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 3981.67 MB
Available physical RAM: 1841.68 MB
Total Pagefile: 4877.67 MB
Available Pagefile: 2238.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:136.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:257.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
21.08.2014, 17:05
| #4 |
| /// the machine /// TB-Ausbilder | W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B) Adware & Co. deinstallieren
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B) |
| anzeige, anzeigen, dateien, defender, fehler, festplatte, folge, free, gmx, infizierte, logfiles, mail, probleme, prozesse, prüfen, recovery, schutz, security, speicher, system volume information, system32, trojaner, virus, windows, wmi |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
