Windows 7: Computer freezes shortly after startup

Hello everyone,

I "converted" a friend's computer from XP to Windows 7. That, as well as the installation of a few programs, went without problems. Recently, however, a few minutes, sometimes just a few seconds, after a user logs in (no matter which user), the mouse first freezes; a few seconds later a screen appears with varying coloring, sometimes also slightly patterned or additionally showing a small image that resembles a piece of fretsaw blade. After that nothing works anymore, only a forced shutdown. Going back to an earlier system restore point does not help either.

I have installed the following programs: GData, capella7.1, Firefox, Thunderbird, Winamp, Teamviewer, Nero 9, Adobe Reader, Adobe Flash Player.

defogger_disable.log, FRST.txt and Addition.txt follow. A gmer.txt could not be saved; the scan finished with the remark that no modification of the system could be detected. I had to run FRST and GMER in safe mode, because otherwise the error mentioned interrupted the process.

Can someone please help me fix the problem?

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:21 on 18/11/2014 (Hans-Dieter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Hans-Dieter (administrator) on ARBEITSZIMMER on 18-11-2014 09:29:15
Running from H:\trojanerboard
Loaded Profile: Hans-Dieter (Available profiles: Wolfgang & UpdatusUser & Hans-Dieter)
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-21-755609862-3370036123-842588921-1004\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-755609862-3370036123-842588921-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-755609862-3370036123-842588921-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D103114-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\a20z0ldc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
S3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-11-17] (G Data Software AG)
S1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-17] (G Data Software AG)
S1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-11-17] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-11-17] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2014-11-17] (G Data Software AG)
S1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-11-17] (G Data Software AG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry.
Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 09:28 - 2014-11-18 09:28 - 00262144 ____N () C:\Windows\Minidump\111814-17706-01.dmp
2014-11-18 09:23 - 2014-11-18 09:23 - 00262144 ____N () C:\Windows\Minidump\111814-22698-01.dmp
2014-11-18 09:22 - 2014-11-18 09:29 - 00000000 ____D () C:\FRST
2014-11-18 09:21 - 2014-11-18 09:21 - 00000000 _____ () C:\Users\Hans-Dieter\defogger_reenable
2014-11-18 09:19 - 2014-11-18 09:19 - 00262144 ____N () C:\Windows\Minidump\111814-20217-01.dmp
2014-11-17 20:58 - 2014-11-17 20:58 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-11-17 20:58 - 2014-11-17 12:09 - 00000000 ____D () C:\Windows\Panther
2014-11-17 20:58 - 2009-08-15 11:26 - 00000025 ___RH () C:\Windows\DELL_version
2014-11-17 20:58 - 2009-08-15 11:26 - 00000013 ____R () C:\Windows\csup.txt
2014-11-17 20:58 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr
2014-11-17 20:57 - 2014-11-17 20:57 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-11-17 20:57 - 2014-11-17 20:57 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-11-17 20:57 - 2014-11-17 20:57 - 00000000 ____D () C:\Windows\system32\0407
2014-11-17 20:57 - 2014-11-17 20:56 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-11-17 20:57 - 2014-11-17 20:56 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-11-17 20:57 - 2014-11-17 17:59 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2014-11-17 20:57 - 2014-11-17 17:59 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2014-11-17 20:57 - 2014-11-17 17:52 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-11-17 20:57 - 2014-11-17 17:52 - 00000000 ____D () C:\Windows\system32\de
2014-11-17 20:10 - 2014-11-18 09:28 - 00000000 ____D () C:\Windows\Minidump
2014-11-17 20:10 - 2014-11-17 20:10 - 00262144 ____N () C:\Windows\Minidump\111714-33774-01.dmp
2014-11-17 18:14 - 2014-11-17 18:14 - 00001160 _____ () C:\Users\Hans-Dieter\Desktop\PC Wizard 2013.lnk
2014-11-17 18:14 - 2014-11-17 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-11-17 18:14 - 2014-11-17 18:14 - 00000000 ____D () C:\Program Files (x86)\CPUID
2014-11-17 18:14 - 2012-02-14 12:49 - 00114176 _____ (CPUID) C:\Windows\SysWOW64\PCWizard.cpl
2014-11-17 18:12 - 2014-11-17 18:12 - 01125200 _____ () C:\Users\Hans-Dieter\Downloads\PC Wizard 2014 - CHIP-Installer.exe
2014-11-17 18:12 - 2014-11-17 18:12 - 00059960 _____ () C:\Users\Hans-Dieter\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-17 18:11 - 2014-11-17 18:10 - 06821496 _____ (TomTom International B.V.) C:\Users\Hans-Dieter\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2014-11-17 18:07 - 2014-11-17 18:07 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-17 18:07 - 2014-11-17 18:07 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-17 18:05 - 2014-11-17 18:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 18:05 - 2014-11-17 18:05 - 06626832 _____ (TeamViewer GmbH) C:\Users\Wolfgang\Downloads\TeamViewer_Setup_de.exe
2014-11-17 18:05 - 2014-11-17 18:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 18:05 - 2014-11-17 18:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 18:05 - 2014-11-17 18:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-17 18:04 - 2014-11-17 18:04 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-17 18:03 - 2014-11-17 18:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-17 18:03 - 2014-11-17 18:03 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-17 17:42 - 2014-11-17 17:42 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Roaming\Macromedia
2014-11-17 17:42 - 2014-11-17 17:42 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Roaming\Adobe
2014-11-17 17:42 - 2014-11-17 17:42 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Local\Macromedia
2014-11-17 17:38 - 2014-11-17 17:39 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\Nero
2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-11-17 16:56 - 2014-11-17 18:04 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-17 16:53 - 2014-11-17 16:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-17 16:52 - 2014-11-17 17:30 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-17 16:51 - 2014-11-17 18:05 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Local\Adobe
2014-11-17 16:42 - 2014-11-17 16:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-17 16:38 - 2014-11-17 16:38 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Roaming\Mozilla
2014-11-17 16:38 - 2014-11-17 16:38 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Local\Mozilla
2014-11-17 16:37 - 2014-11-17 16:37 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Local\TomTom
2014-11-17 16:03 - 2014-11-17 16:03 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-17 15:52 - 2014-11-17 15:52 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\capella-software
2014-11-17 15:48 - 2014-11-17 17:52 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-11-17 15:47 - 2014-11-17 17:52 - 00000000 ____D () C:\ProgramData\Nero
2014-11-17 15:47 - 2014-11-17 15:47 - 00000475 _____ () C:\Windows\DirectX.log
2014-11-17 15:34 - 2014-11-17 15:34 - 00000000 ____D () C:\Users\Wolfgang\AppData\Local\G DATA
2014-11-17 15:30 - 2014-11-17 15:30 - 00000188 _____ () C:\Windows\Cmicnfg3.ini.cfl
2014-11-17 15:30 - 2014-11-17 15:30 - 00000138 _____ () C:\Windows\system\Dlap.pfx
2014-11-17 15:30 - 2009-09-07 16:18 - 08151040 _____ (C-Media Corporation) C:\Windows\SysWOW64\CMICNFG3.dll
2014-11-17 15:30 - 2009-08-19 16:03 - 00787456 _____ () C:\Windows\system32\Cmeaupci.exe
2014-11-17 15:30 - 2009-04-02 16:59 - 00143360 _____ () C:\Windows\SysWOW64\VmixP6.dll
2014-11-17 15:30 - 2008-07-23 18:59 - 00389120 _____ () C:\Windows\system32\CMICNFG3.cpl
2014-11-17 15:30 - 2007-11-05 01:30 - 01144983 _____ () C:\Windows\SysWOW64\KB936225x64.msu
2014-11-17 15:30 - 2006-09-14 02:21 - 00200704 _____ (C-Media) C:\Windows\SysWOW64\CMPaOxy.dll
2014-11-17 15:29 - 2014-11-17 15:30 - 00000620 _____ () C:\Windows\Cmicnfg3.ini.imi
2014-11-17 15:29 - 2014-11-17 15:29 - 00000559 _____ () C:\Windows\system\Cmicnfg3.ini
2014-11-17 15:29 - 2014-11-17 15:29 - 00000000 ____D () C:\TerraTec
2014-11-17 15:29 - 2009-08-19 16:00 - 00359424 _____ () C:\Windows\system32\CmiInstallResAll64.dll
2014-11-17 15:29 - 2009-05-07 12:05 - 00002641 _____ () C:\Windows\cmudax3.ini
2014-11-17 15:29 - 2008-10-15 15:41 - 00002123 _____ () C:\Windows\Cmicnfg3.ini.cfg
2014-11-17 15:29 - 2006-10-06 05:45 - 00524768 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2014-11-17 15:08 - 2014-11-17 15:34 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\Winamp
2014-11-17 15:08 - 2014-11-17 15:08 - 00000979 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-11-17 15:08 - 2014-11-17 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-11-17 15:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-11-17 15:08 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-11-17 15:07 - 2014-11-17 15:08 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-11-17 15:07 - 2014-11-17 15:07 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Roaming\Winamp
2014-11-17 14:04 - 2014-11-17 14:04 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-11-17 14:04 - 2014-11-17 14:04 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-11-17 14:04 - 2014-11-17 14:04 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\Thunderbird
2014-11-17 14:04 - 2014-11-17 14:04 - 00000000 ____D () C:\Users\Wolfgang\AppData\Local\Thunderbird
2014-11-17 14:04 - 2014-11-17 14:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-17 14:02 - 2014-11-17 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-17 14:02 - 2014-11-17 14:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-17 14:02 - 2014-11-17 14:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-17 14:02 - 2014-11-17 14:02 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\Mozilla
2014-11-17 14:02 - 2014-11-17 14:02 - 00000000 ____D () C:\Users\Wolfgang\AppData\Local\Mozilla
2014-11-17 14:02 - 2014-11-17 14:02 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-17 14:02 - 2014-11-17 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-17 14:01 - 2014-11-17 18:11 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2014-11-17 14:01 - 2014-11-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-11-17 14:01 - 2014-11-17 14:01 - 00000000 ____D () C:\Users\Wolfgang\AppData\Local\TomTom
2014-11-17 14:01 - 2014-11-17 14:01 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-11-17 13:57 - 2014-11-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2014-11-17 13:34 - 2014-11-17 13:34 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Roaming\capella-software
2014-11-17 13:33 - 2014-11-17 13:33 - 00001954 _____ () C:\Users\Public\Desktop\capella 7.lnk
2014-11-17 13:33 - 2014-11-17 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\capella-software
2014-11-17 13:33 - 2014-11-17 13:33 - 00000000 ____D () C:\Program Files (x86)\capella-software
2014-11-17 12:57 - 2014-11-17 12:57 - 00001439 _____ () C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 12:57 - 2014-11-17 12:57 - 00001405 _____ () C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-17 12:57 - 2014-11-17 12:57 - 00000020 ___SH () C:\Users\Hans-Dieter\ntuser.ini
2014-11-17 12:57 - 2014-11-17 12:57 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Local\VirtualStore
2014-11-17 12:50 - 2014-11-17 13:57 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-11-17 12:50 - 2014-11-17 13:57 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-11-17 12:50 - 2014-11-17 13:57 - 00001978 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2014-11-17 12:50 - 2014-11-17 12:50 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-11-17 12:50 - 2014-11-17 12:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-11-17 12:49 - 2014-11-17 13:56 - 00004018 _____ () C:\Windows\DPINST.LOG
2014-11-17 12:49 - 2014-11-17 12:49 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-11-17 12:49 - 2014-11-17 12:49 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-11-17 12:49 - 2014-11-17 12:49 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-11-17 12:49 - 2014-11-17 12:49 - 00000779 _____ () C:\Users\Wolfgang\AppData\Roaming\gdscan.log
2014-11-17 12:49 - 2014-11-17 12:49 - 00000000 _____ () C:\Users\Wolfgang\AppData\Roaming\gdfw.log
2014-11-17 12:48 - 2014-11-17 12:48 - 00000000 ____D () C:\Program Files (x86)\G DATA
2014-11-17 12:46 - 2014-11-17 13:04 - 00000000 ____D () C:\ProgramData\G Data
2014-11-17 12:43 - 2014-11-17 12:43 - 00000418 _____ () C:\Windows\PFRO.log
2014-11-17 12:36 - 2014-11-04 14:30 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-17 12:27 - 2014-11-17 12:27 - 00000762 _____ () C:\Windows\comsetup.log
2014-11-17 12:26 - 2014-11-18 09:21 - 00000000 ____D () C:\Users\Hans-Dieter
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Vorlagen
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Startmenü
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Netzwerkumgebung
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Lokale Einstellungen
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Eigene Dateien
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Druckumgebung
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Documents\Eigene Musik
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Documents\Eigene Bilder
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\AppData\Local\Verlauf
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\AppData\Local\Anwendungsdaten
2014-11-17 12:26 - 2014-11-17 12:26 - 00000000 _SHDL () C:\Users\Hans-Dieter\Anwendungsdaten
2014-11-17 12:26 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-17 12:26 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-17 12:25 - 2014-11-17 15:03 - 00059960 _____ () C:\Users\Wolfgang\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-17 12:25 - 2014-11-17 12:25 - 00000000 ___DC () C:\Users\Wolfgang\AppData\Local\MigWiz
2014-11-17 12:24 - 2014-11-17 12:24 - 00000000 ____D () C:\NVIDIA
2014-11-17 12:22 - 2014-11-17 12:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-11-17 12:16 - 2014-11-17 12:16 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-17 12:16 - 2014-11-17 12:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-17 12:16 - 2013-02-19 22:32 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-17 12:16 - 2013-02-19 22:32 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-17 12:16 - 2013-01-31 10:25 - 06207776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-17 12:16 - 2013-01-31 10:25 - 03300640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-17 12:16 - 2013-01-31 10:24 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-17 12:16 - 2013-01-31 10:24 - 00878368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-17 12:16 - 2013-01-31 10:24 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-17 12:16 - 2013-01-31 10:24 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-17 12:16 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-17 12:16 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-17 12:15 - 2014-11-17 12:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-17 12:15 - 2014-11-17 12:15 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-17 12:10 - 2014-11-17 12:10 - 00001439 _____ () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 12:10 - 2014-11-17 12:10 - 00001405 _____ () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-17 12:10 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-17 12:10 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-17 12:10 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-17 12:10 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-17 12:10 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-17 12:10 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-17 12:10 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-17 12:10 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-17 12:10 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-17 12:09 - 2014-11-17 17:54 - 00000000 ____D () C:\Users\Wolfgang
2014-11-17 12:09 - 2014-11-17 12:29 - 00000000 ____D () C:\Users\Wolfgang\AppData\Local\VirtualStore
2014-11-17 12:09 - 2014-11-17 12:09 - 00000020 ___SH () C:\Users\Wolfgang\ntuser.ini
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Vorlagen
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Startmenü
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Netzwerkumgebung
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Lokale Einstellungen
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Eigene Dateien
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Druckumgebung
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Documents\Eigene Musik
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Documents\Eigene Bilder
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\AppData\Local\Verlauf
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\AppData\Local\Anwendungsdaten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Wolfgang\Anwendungsdaten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Programme
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 __SHD () C:\Recovery
2014-11-17 12:09 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-17 12:09 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-17 12:02 - 2014-11-17 12:02 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-11-17 12:02 - 2014-11-17 12:02 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-11-17 12:02 - 2014-11-17 12:02 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-11-17 12:01 - 2014-11-17 20:12 - 00184939 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 18:27 - 2014-11-11 18:26 - 00015511 _____ () C:\Users\Wolfgang\Documents\Taizé - Andacht am 16.11.14.odt
2014-11-10 18:33 - 2014-11-10 18:34 - 06727680 _____ () C:\Users\Wolfgang\Downloads\10063-64.exe
2014-11-02 14:09 - 2014-11-17 13:34 - 00000000 ____D () C:\Users\Hans-Dieter\Documents\capella
2014-11-02 12:53 - 2014-11-02 12:53 - 00638888 _____ (Oracle Corporation) C:\Users\Hans-Dieter\Downloads\jxpiinstall.exe
2014-11-02 10:08 - 2014-11-02 10:08 - 06656512 _____ () C:\Users\Wolfgang\Downloads\TerraTec_Aureon_5.1_PCI_Fun_Drv_App_6.12.8.1738.exe
2014-10-30 15:54 - 2014-11-17 12:30 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Kemals Songs
2014-10-30 11:51 - 2014-10-30 11:52 - 08782120 _____ (Tobit.Software) C:\Users\Wolfgang\Downloads\radiorecorder-setup.exe
2014-10-29 19:51 - 2014-11-17 12:32 - 00000000 ____D () C:\Users\Wolfgang\Documents\Cyberlink
2014-10-29 15:28 - 2014-10-29 15:30 - 76360088 _____ (Adobe Systems Incorporated) C:\Users\Wolfgang\Downloads\AdbeRdr11009_de_DE.exe
2014-10-29 13:36 - 2014-11-17 12:27 - 00000000 ____D () C:\Users\Hans-Dieter\Downloads\redist
2014-10-29 13:36 - 2014-11-17 12:27 - 00000000 ____D () C:\Users\Hans-Dieter\Downloads\readmes
2014-10-29 13:36 - 2014-11-17 12:27 - 00000000 ____D () C:\Users\Hans-Dieter\Downloads\licenses
2014-10-28 17:01 - 2014-10-28 17:01 - 09625160 _____ () C:\Users\Wolfgang\Downloads\qm__-win-2_4_1-ea31_2.exe
2014-10-28 12:59 - 2014-10-28 12:59 - 01125200 _____ () C:\Users\Wolfgang\Downloads\AIDA64 - CHIP-Installer.exe
2014-10-27 17:36 - 2014-10-27 17:36 - 00001280 _____ () C:\Users\Hans-Dieter\Desktop\Command Prompt.lnk
2014-10-27 16:09 - 2014-10-27 16:09 - 12855384 _____ (Nullsoft, Inc.) C:\Users\Wolfgang\Downloads\winamp5666_full_de-de_b3516.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 09:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 09:23 - 2009-07-14 05:51 - 00018057 _____ () C:\Windows\setupact.log
2014-11-17 20:58 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-11-17 20:58 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-11-17 20:58 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\winrm
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\WCN
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\slmgr
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-11-17 20:57 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-11-17 20:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-11-17 20:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-17 20:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-17 20:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-17 20:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-17 20:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-11-17 20:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-17 20:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-11-17 20:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2014-11-17 20:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-11-17 20:12 - 2009-07-14 05:45 - 00018624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 20:12 - 2009-07-14 05:45 - 00018624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 20:10 - 2009-07-14 05:45 - 00271904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-17 17:59 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 17:52 - 2009-07-14 08:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-17 17:52 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew
2014-11-17 17:52 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-17 17:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-17 17:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-11-17 17:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-11-17 17:52 - 2009-07-14 04:20 - 00000000
____D () C:\Windows\system32\th-TH 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sppui 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sl-SI 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ro-RO 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ras 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lv-LV 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lt-LT 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ias 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\hr-HR 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\he-IL 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\et-EE 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program 
Files\Common Files\System 2014-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Services 2014-11-17 17:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-17 15:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system 2014-11-17 12:42 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-17 12:42 - 2008-10-03 08:51 - 00000000 ____D () C:\Users\Wolfgang\WINDOWS 2014-11-17 12:33 - 2013-03-27 17:26 - 00000000 ____D () C:\Users\Wolfgang\Documents\My Kindle Content 2014-11-17 12:33 - 2011-02-16 12:04 - 00000000 ____D () C:\Users\Wolfgang\Documents\restore 2014-11-17 12:33 - 2009-02-11 18:39 - 00000000 ____D () C:\Users\Wolfgang\Documents\Meine PSP-Dateien 2014-11-17 12:33 - 2008-10-08 17:20 - 00000000 ____D () C:\Users\Wolfgang\Documents\Outlook 2014-11-17 12:33 - 2008-10-08 16:47 - 00000000 ____D () C:\Users\Wolfgang\Documents\Dokumente 2014-11-17 12:32 - 2014-06-17 07:39 - 00000000 ____D () C:\Users\Wolfgang\Documents\capella 2014-11-17 12:32 - 2012-12-21 23:36 - 00000000 ____D () C:\Users\Wolfgang\Documents\Aufnahmen 2014-11-17 12:32 - 2012-11-11 14:17 - 00000000 ____D () C:\Users\Wolfgang\Documents\CD-Zusammenstellungen 2014-11-17 12:32 - 2012-11-01 16:56 - 00000000 ____D () C:\Users\Wolfgang\Documents\Amazon MP3 2014-11-17 12:32 - 2012-03-23 12:54 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Lumix TZ 25 2014-11-17 12:32 - 2009-02-06 18:31 - 00000000 ____D () C:\Users\Wolfgang\Documents\Albums 2014-11-17 12:30 - 2009-09-16 12:30 - 00000000 ____D () C:\Users\Wolfgang\AVM_Driver 2014-11-17 12:29 - 2013-03-29 19:26 - 00000000 ____D () C:\Users\Wolfgang\.swt 2014-11-17 12:29 - 2013-03-29 19:26 - 00000000 ____D () C:\Users\Wolfgang\.phase-6 2014-11-17 12:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help 2014-11-17 12:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-17 12:09 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore 2014-11-17 12:09 - 
2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-17 12:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-11-17 12:02 - 2009-07-14 05:46 - 00001774 _____ () C:\Windows\DtcInstall.log 2014-11-17 12:02 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-17 12:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-11-17 11:59 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\CSC 2014-10-24 11:39 - 2009-04-06 14:13 - 15728640 _____ () C:\Users\Wolfgang\ntuser (1).dat Files to move or delete: ==================== C:\Users\Wolfgang\ntuser (1).dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-17 19:04 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014 Ran by Hans-Dieter at 2014-11-18 09:27:01 Running from H:\trojanerboard Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Aureon 5.1 PCI (HKLM\...\C-Media PCI Audio Driver) (Version: - ) capella 7 (HKLM-x32\...\{C956D350-CC58-4649-8902-FCEC7FCA6244}) (Version: 7.1.24 - capella software AG) G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 
31.2.0 - Mozilla) Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla) MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= |