| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.01.2015, 16:51
| #1 |
 |  Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L? Hallo, unser PC ist seit einiger Zeit sehr langsam geworden. Das Antivirusprogramm McAfee meldet bei jedem Neustart den Trojaner Profiler.gen.ac, allerdings immer an einem anderen Ort. Im Nachhinein weiß ich, dass wir eine eMail mit einer Mahnung aufgemacht haben... Das Schlimmste ist, wir können beim OnlineBanking uns zwar einloggen, aber dann kommt eine Meldung (eine Maske, die nicht zu schließen ist), die wir nicht übergehen können. Es wird verlangt etweder sofort 4.850 Euro zurück zu überweisen oder den Zugriff auf das komplette Konto zu erlauben. Auf den anderen Trojaner Win 32/Matsnu.L hat mich "Microsoft Tools zum Entfernen bösartiger Software" aufmerksam gemacht, wenn es denn eine echte Microsoftmeldung war. Ich habe die Informationen zusammengestellt, allerdings wurde GMER plötzlich abgebrochen mit dem z.Z. häufigem Hinweis "Programm funktioniert jetzt nicht mehr". Bitte, wenn Ihr etwas für uns tun könnt... Danke! defogger_disable.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:20 on 13/01/2015 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by ***** (administrator) on PAULUSSCHWESTER on 13-01-2015 15:32:52
Running from C:\Users\*****\Desktop
Loaded Profile: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe
() C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\find.exe
(Microsoft Corporation) C:\Windows\System32\label.exe
(Microsoft Corporation) C:\Windows\System32\attrib.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\diskperf.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
(Microsoft Corporation) C:\Windows\System32\doskey.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
() C:\Users\*****\Desktop\Defogger.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\live_export.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [kkiiweuu] => C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe [80384 2014-10-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [sfjeyykp] => C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe [58880 2014-10-11] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [uvkvdwyw] => C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe [58880 2014-10-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Local\Temp\Khybp\cqgfcimak.exe [179200 2015-01-10] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [cmomffmv] => C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe [64512 2014-10-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [scriptplugin32] => C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe [135168 2014-10-30] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [script-dll] => C:\Users\*****\AppData\Roaming\Script\script-dll.exe [55808 2014-10-31] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [update] => C:\Users\*****\AppData\Roaming\Update\update.exe [72704 2014-11-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [updateservice32] => C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe [72704 2014-11-10] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [updatestage] => C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe [71680 2014-11-06] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [sim_pin] => C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe [150016 2012-10-23] (American Megatrends, Inc)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [run] => C:\Users\*****\AppData\Roaming\Run\run.exe [90112 2014-11-22] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [loader-help] => C:\Users\*****\AppData\Roaming\Loader\loader-help.exe [90112 2014-11-22] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [firefox64-print64] => C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe [78336 2014-11-24] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [avira32frame] => C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe [78336 2014-11-24] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [data_sense] => C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe [336384 2010-10-19] (Glarysoft Ltd)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mortgage-plant] => C:\Users\*****\AppData\Roaming\Mortgage_imagine\mortgage_station.exe [151040 2015-01-10] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [space] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe [255488 2014-09-12] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\web_filtering.exe [350208 2011-09-19] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe [350208 2014-12-28] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mortgage-plant] => C:\Users\*****\AppData\Roaming\Mortgage_imagine\mortgage_station.exe [151040 2015-01-10] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> DefaultScope {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.paulus-schwestern.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 15:32 - 2015-01-13 15:34 - 00023550 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-13 15:32 - 2015-01-13 15:32 - 00000000 ____D () C:\FRST
2015-01-13 15:31 - 2015-01-13 15:31 - 01115648 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-13 15:20 - 2015-01-13 15:20 - 00000496 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-02 08:17 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2014-12-19 09:26 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez
2014-12-15 10:05 - 2014-12-18 10:35 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp
2014-12-15 09:55 - 2014-12-24 10:46 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 15:31 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-13 15:29 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-13 15:27 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:27 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:18 - 2009-12-11 11:40 - 01382871 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 15:11 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 15:10 - 2009-12-11 12:10 - 00853394 _____ () C:\Windows\PFRO.log
2015-01-13 15:10 - 2009-07-14 05:39 - 00251262 _____ () C:\Windows\setupact.log
2015-01-13 15:04 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-13 13:56 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 21:32 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 16:07 - 2011-10-20 21:01 - 00000000 ____D () C:\Users\*****\Desktop\gemeinschaft
Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe
C:\Users\*****\AppData\Local\Temp\Khybp\cqgfcimak.exe
C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe
C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe
C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\camera.exe
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-12 17:07
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Paulus Schwestern at 2015-01-13 15:35:00
Running from C:\Users\Paulus Schwestern\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version: - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version: - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version: - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version: - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version: - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version: - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
==================== Restore Points =========================
09-08-2014 08:56:16 Windows Update
10-08-2014 02:00:42 Windows Update
13-08-2014 08:13:20 Windows Update
13-08-2014 11:42:12 Windows Update
14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\Paulus Schwestern\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\Paulus Schwestern\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 00181592 _____ () C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2010-01-23 11:22 - 2014-09-12 08:20 - 00255488 _____ () C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe
2014-12-17 05:57 - 2014-12-28 09:48 - 00350208 _____ () C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\Paulus Schwestern\Desktop\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
Paulus Schwestern (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\Paulus Schwestern
==================== Faulty Device Manager Devices =============
Name: H:\
Description: Multi-Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (01/13/2015 03:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x22d8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (01/13/2015 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mortgage_station.exe, Version: 8.5.0.7, Zeitstempel: 0x54775874
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x8d8
Startzeit der fehlerhaften Anwendung: 0xmortgage_station.exe0
Pfad der fehlerhaften Anwendung: mortgage_station.exe1
Pfad des fehlerhaften Moduls: mortgage_station.exe2
Berichtskennung: mortgage_station.exe3
Error: (01/13/2015 03:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lodctr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc107
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x2184
Startzeit der fehlerhaften Anwendung: 0xlodctr.exe0
Pfad der fehlerhaften Anwendung: lodctr.exe1
Pfad des fehlerhaften Moduls: lodctr.exe2
Berichtskennung: lodctr.exe3
Error: (01/13/2015 03:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chkntfs.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbff9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xchkntfs.exe0
Pfad der fehlerhaften Anwendung: chkntfs.exe1
Pfad des fehlerhaften Moduls: chkntfs.exe2
Berichtskennung: chkntfs.exe3
Error: (01/13/2015 03:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wiaacmgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bce11
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x1d3c
Startzeit der fehlerhaften Anwendung: 0xwiaacmgr.exe0
Pfad der fehlerhaften Anwendung: wiaacmgr.exe1
Pfad des fehlerhaften Moduls: wiaacmgr.exe2
Berichtskennung: wiaacmgr.exe3
Error: (01/13/2015 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: expand.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf6d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x1a44
Startzeit der fehlerhaften Anwendung: 0xexpand.exe0
Pfad der fehlerhaften Anwendung: expand.exe1
Pfad des fehlerhaften Moduls: expand.exe2
Berichtskennung: expand.exe3
Error: (01/13/2015 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x1c68
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/13/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x304
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/13/2015 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0xd1c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/13/2015 03:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mortgage_station.exe, Version: 8.5.0.7, Zeitstempel: 0x54775874
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x10b4
Startzeit der fehlerhaften Anwendung: 0xmortgage_station.exe0
Pfad der fehlerhaften Anwendung: mortgage_station.exe1
Pfad des fehlerhaften Moduls: mortgage_station.exe2
Berichtskennung: mortgage_station.exe3
System errors:
=============
Error: (01/13/2015 03:15:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/13/2015 03:14:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/13/2015 03:14:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.
Error: (01/13/2015 03:04:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
Error: (01/13/2015 03:04:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/13/2015 03:04:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.
Error: (01/13/2015 03:03:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error: (01/13/2015 03:02:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.
Error: (01/13/2015 02:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/13/2015 02:08:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.
Microsoft Office Sessions:
=========================
Error: (01/13/2015 03:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000122d801d02f3b62ea44eeC:\Program Files\Internet Explorer\iexplore.exeunknownab61c98c-9b2e-11e4-a070-002421af38dd
Error: (01/13/2015 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mortgage_station.exe8.5.0.754775874unknown0.0.0.000000000c0000005000000008d801d02f3ae0d6ef0eC:\Users\Paulus Schwestern\AppData\Roaming\Mortgage_imagine\mortgage_station.exeunknown61b09291-9b2e-11e4-a070-002421af38dd
Error: (01/13/2015 03:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lodctr.exe6.1.7600.163854a5bc107unknown0.0.0.000000000c00000057ff80050218401d02f39e518cd3aC:\Windows\system32\lodctr.exeunknown45b083e6-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chkntfs.exe6.1.7600.163854a5bbff9unknown0.0.0.000000000c00000057ff8005071801d02f39df01b8d5C:\Windows\system32\chkntfs.exeunknown439479ce-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wiaacmgr.exe6.1.7600.163854a5bce11unknown0.0.0.000000000c00000057ff800501d3c01d02f39de6130bcC:\Windows\system32\wiaacmgr.exeunknown404b0edc-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: expand.exe6.1.7600.163854a5bbf6dunknown0.0.0.000000000c00000057ff800501a4401d02f39de786293C:\Windows\system32\expand.exeunknown3edc373d-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c0000005000000011c6801d02f39b872663bC:\Program Files\Mozilla Firefox\firefox.exeunknown0bd359e0-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c00000050000000130401d02f39984b7d86C:\Program Files\Mozilla Firefox\firefox.exeunknown0a29c255-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c000000500000001d1c01d02f3997e0d346C:\Program Files\Mozilla Firefox\firefox.exeunknown08aba83d-9b2d-11e4-afc1-002421af38dd
Error: (01/13/2015 03:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mortgage_station.exe8.5.0.754775874unknown0.0.0.000000000c00000050000000010b401d02f395efe87acC:\Users\Paulus Schwestern\AppData\Roaming\Mortgage_imagine\mortgage_station.exeunknown01deaeaf-9b2d-11e4-afc1-002421af38dd
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3070.18 MB
Available physical RAM: 1622.18 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4087.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.79 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
| Themen zu Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L? |
| avira, bonjour, browser, downloader, ebanking, email, entfernen, euro, firefox, flash player, google, home, homepage, iexplore.exe, langsam, mozilla, profiler.gen.ac, registry, required, rundll, scan, security, siteadvisor, software, svchost.exe, system, trojaner, win 32/matsnu.l, windows |
Baum-Darstellung