|
Log-Analyse und Auswertung: Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklicktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.03.2015, 13:51 | #1 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt Hallo, ich habe heute eine UPS-Paketankündigungsmail erhalten und (leider) auf den Link bzw. die angezeigte Paketnummer geklickt. Dabei wurde letztendlich eine exe-Datei ausgeführt... Auch wenn GData mir einen Virus meldete und diesen in Quarantäne schob, wurden zumindestens einige Desktop-Links verändert (diese landeten auch in Quarantäne). Der Trojaner/Virus war also aktiv, bevor er von GData entdeckt wurde und ich bin mir nicht sicher, ob noch andere Änderungen am PC erfolgten.... Hoffe mal, Ihr könnt mir weiterhelfen. Danke schon mal im Voraus!! Hier die Logfiles (leider musste ich die anderen Logs anhängen, da mein Text zu ang wurde und sich dadurch kein neues Thema erstellen liess) .... GData-Logfile: Code:
ATTFilter *** Prozess *** Prozess: 7288 Dateiname: ups_de_de_tracknum_1r63l0375986420300_2015_03_z_ectaid_ct1_eml_tracking_000390395782.exe Pfad: c:\users\jb\appdata\local\temp\temp1_ups_de_de_tracknum_1r63l0375986420300.zip\ups_de_de_tracknum_1r63l0375986420300_2015_03_z_ectaid_ct1_eml_tracking_000390395782.exe Herausgeber: Unbekannter Herausgeber Gestartet von: ups_de_de_tracknum_1r63l0375986420300_2015_03_z_ectaid_ct1_eml_tracking_000390395782.exe Herausgeber: Unbekannter Herausgeber *** Aktionen *** Das Programm hat Aktionen im Namen eines anderen Programmes ausgeführt. Es wurde auf einen fremden Prozess zugegriffen. Das Programm kann genutzt werden um beliebigen Programmcode auszuführen. Das Programm hat eine Kopie von sich selbst angelegt. Das Programm hat ein anderes Programm gestartet um sich selbst zu löschen. *** Quarantäne *** Folgende Dateien wurden in Quarantäne verschoben: C:\Users\JB\AppData\Local\Temp\10b1069a~ C:\Users\JB\AppData\Local\Temp\3907252~.bat C:\Users\JB\AppData\Local\Temp\Temp1_ups_de_DE_tracknum_1R63L0375986420300.zip\ups_de_DE_tracknum_1R63L0375986420300_2015_03_z_eCTAid_ct1_eml_Tracking_000390395782.exe c:\users\jb\appdata\local\temp\10b1069a~ c:\users\jb\appdata\local\temp\3907252~.bat c:\users\jb\appdata\local\temp\temp1_ups_de_de_tracknum_1r63l0375986420300.zip\ups_de_de_tracknum_1r63l0375986420300_2015_03_z_ectaid_ct1_eml_tracking_000390395782.exe c:\users\jb\appdata\local\temp\temp1_ups_de_de_tracknum_1r63l0375986420300.zip\ups_de_de_tracknum_1r63l0375986420300_2015_03_z_ectaid_ct1_eml_tracking_000390395782.exe:zone.identifier c:\users\jb\appdata\roaming\microsoft\msdbf7fcf46.exe c:\users\jb\appdata\roaming\microsoft\windows\recent\041000(12) heike neu postbank.xml.lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\041000(20).xml.lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\041001(31).xml.lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\downloads.lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\eigene dateien april 08 (aspireh341jb benutzerordner) (z).lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\signal kv belege februar 15.xlsx.lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\wiso mein geld.lnk c:\users\jb\appdata\roaming\microsoft\windows\recent\wiso_2011_datenbank.mgd.lnk Folgende Registry Einträge wurden gelöscht: YGLhLn+wcoIpJiYnmMBygmJicoLQcpJygnJy4HKCJictJ5dwKnRyQicnJga3cnJycmJigCwnJycnJgbocnJiYnJykCsW7sIK2XJykC4nLSYmJw2KcnJiYnJyoCwnKyYmJwvacpJiYnKSsCknKCYmJwjbcnJiYnJywConZ3JycvLALycnJiYnB21ygnKCYmLQKCcqJiYnCr1ycmJicnLQLicoJiYnCM9ycnJyYmJwp3JycKhycmJicnJwuHKCcoJiYnDYcnJiYnJycOhycmJicnJwaXJycnJiYnB5cnJiYnJycIlycnJyYmJw+XKCYmJygnC6kmFZY7aCgtFaY7ZykmFZY7ZycNpycmJicnJwe3JycnJiYnD7coJycnJycOxycmJicnJw/HJyKCYmJ4dwnXKCcoJiYnCtcnJycmJicI5ysg/3KScnJiYnB2gpJw8A Version der Regeln: 4.7.5 OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS Version der dll: 40166 C:\Users\JB\AppData\Local\Temp\Temp1_ups_de_DE_tracknum_1R63L0375986420300.zip\ups_de_DE_tracknum_1R63L0375986420300_2015_03_z_eCTAid_ct1_eml_Tracking_000390395782.exe MD5: "C:\Users\JB\AppData\Local\Temp\Temp1_ups_de_DE_tracknum_1R63L0375986420300.zip\ups_de_DE_tracknum_1R63L0375986420300_2015_03_z_eCTAid_ct1_eml_Tracking_000390395782.exe" MD5: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-04 13:00:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_PRO_Series rev.DXM06B0Q 238,47GB Running: ndjxpd8r.exe; Driver: C:\Users\JB\AppData\Local\Temp\pxldypoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000134900 7 bytes [00, 99, F3, FF, 41, AC, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000134908 3 bytes [00, 07, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000737417fa 2 bytes CALL 762511a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073741860 2 bytes CALL 762511a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073741942 2 bytes JMP 776a7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007374194d 2 bytes JMP 776acba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\vmnat.exe[3436] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000666a13b0 2 bytes JMP 75675660 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[3436] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000666a13c0 2 bytes CALL 76fe9cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Windows\SysWOW64\vmnat.exe[3436] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 00000000666a153e 2 bytes CALL 7570777c C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[3436] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 00000000666a1553 2 bytes CALL 762510ff C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Express Tray\tray.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe[3832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076731401 2 bytes JMP 7627b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076731419 2 bytes JMP 7627b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076731431 2 bytes JMP 762f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007673144a 2 bytes CALL 762548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767314dd 2 bytes JMP 762f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767314f5 2 bytes JMP 762f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007673150d 2 bytes JMP 762f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076731525 2 bytes JMP 762f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007673153d 2 bytes JMP 7626fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076731555 2 bytes JMP 762768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007673156d 2 bytes JMP 762f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076731585 2 bytes JMP 762f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007673159d 2 bytes JMP 762f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767315b5 2 bytes JMP 7626fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767315cd 2 bytes JMP 7627b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767316b2 2 bytes JMP 762f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767316bd 2 bytes JMP 762f85f1 C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library C:\Users\JB\AppData\Local\Microsoft\Windows Sidebar\Gadgets\QuadCoreUsage18.gadget\SharedMemoryReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [5824] (SharedMemoryReader/Orbmu2k)(2013-12-09 16:25:55) 0000000072840000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 0000000072360000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000067db0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832](2015-02-10 21:00:30) 00000000722a0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000679c0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 00000000040a0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000 Library c:\users\jb\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjgm2z.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832](2015-03-04 11:54:51) 0000000003b30000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000677e0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000061200000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000675c0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000060fa0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000072810000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832](2015-02-10 21:00:30) 0000000072800000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 00000000727d0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000072210000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000069990000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832](2015-02-10 21:00:28) 00000000698b0000 Library C:\Users\JB\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe [3832](2015-02-10 21:00:28) 0000000069870000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk3\DR3 unknown MBR code ---- EOF - GMER 2.1 ---- Geändert von JoeBec (04.03.2015 um 14:03 Uhr) |
04.03.2015, 13:56 | #2 |
/// TB-Ausbilder | Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt Hallo JoeBec
__________________Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg. Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen. Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist. Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten". KEINE LINKS ZU SCHADSOFTWARE POSTEN ! BITTE DIE URL LÖSCHEN ! Die Logdateien nicht anhängen sondern in #-Klammern posten.
__________________ |
04.03.2015, 14:05 | #3 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt Hallo,
__________________sorry - den link habe ich gelöscht. Die logs liessen sich aber leider nicht in #-Klammern posten, da mein Text dann zu lang wird... defogger hat keine Fehlermeldung ausgegeben und daher auch kein log erstellt. Gruss, Jörg |
04.03.2015, 15:37 | #4 |
/// TB-Ausbilder | Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt Dann bitte die Logs aufteilen auf mehrere Antworten. Vereinfacht das Lesen, zudem kann nicht jeder Dateianhänge öffnen, weil z.b. an der Arbeit o.ä. ;-)
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
04.03.2015, 15:57 | #5 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt okay. dann hier die beiden anderen logfiles: FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015 Ran by JB (administrator) on JB-PC on 04-03-2015 12:46:46 Running from C:\Users\JB\Downloads Loaded Profiles: JB & postgres (Available profiles: JB & Tim & postgres) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe () C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (PFU LIMITED) C:\Windows\twain_32\fjscan32\FJTWMKSV.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (G DATA Software) C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe (LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Authentec Inc.) C:\Program Files\Protector Suite\psqltray.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\tray.exe (Dropbox, Inc.) C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\HPNetworkCommunicatorCom.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-10] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [85320 2012-02-13] (Authentec Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe, Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] () HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Run: [HP Officejet Pro 276dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [707416 2015-03-02] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Run: [msdbf7fcf46.exe] => "C:\Users\JB\AppData\Roaming\Microsoft\msdbf7fcf46.exe" IFEO\gladinetclient.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\gladlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\gtaskmmc.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\paragon extfs for windows.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\woshiddenlauncher32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll Startup: C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll (Gladinet, INC) ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll (Gladinet, INC) ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (Authentec Inc.) ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (Authentec Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll (Gladinet, INC) ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll (Gladinet, INC) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4163750108-508488768-3939969033-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4163750108-508488768-3939969033-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4163750108-508488768-3939969033-1010 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll (Zeon Corporation) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll (Zeon Corporation) DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://192.168.178.32/aplugLiteDL.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\8l7plzzj.default-1417879077939 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll (Zeon Corporation) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: @citrixonline.com/appdetectorplugin -> C:\Users\JB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JB\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JB\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Extension: Adblock Plus - C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\8l7plzzj.default-1417879077939\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26] FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] Chrome: ======= CHR Profile: C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09] CHR Extension: (Google Docs) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09] CHR Extension: (Google Drive) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09] CHR Extension: (YouTube) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09] CHR Extension: (Google Cast) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-09] CHR Extension: (Google Search) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09] CHR Extension: (Google Sheets) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-02-10] CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2015-01-09] CHR Extension: (Google Wallet) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09] CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2015-01-09] CHR Extension: (Gmail) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09] CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18] CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-02-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink) R2 DiskBoss Service; C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe [114688 2014-07-23] () [File not signed] R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2013-08-13] () [File not signed] R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [693256 2015-03-02] (Garmin Ltd. or its subsidiaries) R2 GDBackupSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [3844216 2014-08-21] (G Data Software AG) R3 GDFwSvc; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S3 GDTunerSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [1637496 2014-05-28] (G Data Software AG) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) S4 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2013-03-22] (Gladinet, INC) R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed] S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-05] (Nuance Communications, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-11] () R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed] R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation) R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 TSNxGService; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1843712 2011-01-18] (LaCrosse Technology) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [237056 2010-03-24] (AVEO Corp) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2013-08-13] (Windows (R) Win 7 DDK provider) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed] R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (www.ext2fsd.com) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-06-27] (G Data Software AG) R3 gddcd; C:\Windows\system32\drivers\gddcd64.sys [79872 2014-10-13] (G Data Software AG) R1 gddcv; C:\Windows\system32\drivers\gddcv64.sys [59904 2014-10-13] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-10-28] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-08-12] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-06-27] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-03-04] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-04] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-06-27] (G Data Software AG) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-21] (Intel Corporation) R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-12-04] (Audials AG) S3 SaiHFFB5; C:\Windows\System32\DRIVERS\SaiHFFB5.sys [171144 2007-05-01] (Saitek) S3 SaiIFFB5; C:\Windows\System32\DRIVERS\SaiIFFB5.sys [20608 2007-05-01] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated) R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-08-19] (AuthenTec, Inc.) R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [98760 2015-03-04] (G Data Software) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116744 2015-02-12] (Oracle Corporation) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-04 12:44 - 2015-03-04 12:44 - 00001971 _____ () C:\Users\Public\Desktop\G DATA TOTAL PROTECTION.lnk 2015-03-04 12:44 - 2015-03-04 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION 2015-03-04 12:36 - 2015-03-04 12:46 - 00032838 _____ () C:\Users\JB\Downloads\FRST.txt 2015-03-04 12:36 - 2015-03-04 12:37 - 00074072 _____ () C:\Users\JB\Downloads\Addition.txt 2015-03-04 12:35 - 2015-03-04 12:46 - 00000000 ____D () C:\FRST 2015-03-04 12:35 - 2015-03-04 12:35 - 02092544 _____ (Farbar) C:\Users\JB\Downloads\FRST64.exe 2015-03-04 12:33 - 2015-03-04 12:33 - 00050477 _____ () C:\Users\JB\Downloads\Defogger.exe 2015-03-04 12:33 - 2015-03-04 12:33 - 00000466 _____ () C:\Users\JB\Downloads\defogger_disable.log 2015-03-04 12:33 - 2015-03-04 12:33 - 00000000 _____ () C:\Users\JB\defogger_reenable 2015-03-04 10:13 - 2015-03-04 10:13 - 00011281 _____ () C:\Users\JB\Downloads\041001(31).xml 2015-03-04 10:09 - 2015-03-04 10:09 - 00001727 _____ () C:\Users\JB\Downloads\041000(20).xml 2015-03-04 09:17 - 2015-03-04 09:17 - 00000000 ____D () C:\Users\JB\AppData\Local\Garmin_Ltd._or_its_subsid 2015-03-04 09:17 - 2015-03-04 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-03-03 20:43 - 2015-03-03 20:43 - 00001969 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2015-03-03 20:42 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-03-03 20:42 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2015-03-03 20:41 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-03-03 20:06 - 2015-03-03 20:06 - 01203488 _____ () C:\Users\JB\Downloads\Samsung Kies - CHIP-Installer.exe 2015-03-03 14:22 - 2015-03-03 14:22 - 00003230 _____ () C:\Users\JB\Documents\paprika.ods 2015-03-02 10:44 - 2015-03-02 10:44 - 00001847 _____ () C:\Users\JB\Downloads\gp-cam-feed_0.4_all(1).rar 2015-03-01 19:21 - 2015-03-01 19:21 - 02126848 _____ () C:\Users\JB\Downloads\adwcleaner_4.111(1).exe 2015-03-01 19:19 - 2015-03-01 19:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-01 19:19 - 2015-03-01 19:19 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-01 19:19 - 2015-03-01 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-01 19:19 - 2015-03-01 19:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-01 19:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-01 19:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-01 19:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-01 19:18 - 2015-03-01 19:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JB\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-01 17:24 - 2015-03-01 17:24 - 02126848 _____ () C:\Users\JB\Downloads\adwcleaner_4.111.exe 2015-03-01 16:18 - 2015-03-01 16:18 - 00000513 _____ () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\SM.de - Die SuchMaschine.website 2015-02-28 22:23 - 2015-02-28 22:24 - 45193696 _____ () C:\Users\JB\Downloads\release-dm800-3.2.4(1).nfi 2015-02-26 17:58 - 2015-02-26 17:58 - 00004580 _____ () C:\Users\JB\Downloads\g3wizard_0.28-r0_all.ipk 2015-02-25 19:56 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-25 19:56 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-25 19:56 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-25 19:56 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-25 18:23 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 18:23 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-25 12:41 - 2015-02-25 12:41 - 00017998 _____ () C:\Users\JB\Downloads\flashexpander_0.31-r2_all.ipk 2015-02-23 08:57 - 2015-02-23 08:58 - 57578992 _____ () C:\Users\JB\Downloads\dreambox-image-dm800-20150105.nfi 2015-02-23 08:50 - 2015-02-23 08:50 - 00149488 _____ () C:\Users\JB\Downloads\secondstage-dm800-84.nfi 2015-02-22 20:27 - 2015-02-22 20:27 - 00000000 ____D () C:\library_uniteddiversity_coop 2015-02-22 19:24 - 2015-02-22 19:24 - 00000796 _____ () C:\Users\JB\Desktop\HTTrack Website Copier.lnk 2015-02-22 19:22 - 2015-02-22 19:23 - 04464640 _____ (HTTrack ) C:\Users\JB\Downloads\httrack_x64-3.48.19.exe 2015-02-22 19:21 - 2015-02-22 19:21 - 05009656 _____ () C:\Users\JB\Downloads\httrack_x64-noinst-3.48.19.zip 2015-02-19 17:48 - 2015-02-20 08:31 - 00000000 ____D () C:\Program Files (x86)\altes Firefox 2015-02-19 17:40 - 2015-02-19 17:42 - 00000000 ____D () C:\Users\JB\Downloads\FirefoxPortable 2015-02-17 11:34 - 2015-02-17 11:34 - 00002047 _____ () C:\Users\JB\Desktop\VirusTotal Uploader 2.0.lnk 2015-02-17 11:34 - 2015-02-17 11:34 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0 2015-02-17 11:34 - 2015-02-17 11:34 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2 2015-02-16 21:18 - 2015-02-16 21:18 - 00000000 ____D () C:\Users\JB\AppData\Local\Garmin 2015-02-16 21:17 - 2015-03-04 09:17 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2015-02-16 21:17 - 2015-03-04 09:17 - 00001890 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2015-02-16 21:17 - 2015-03-04 09:17 - 00000000 ____D () C:\ProgramData\Garmin 2015-02-16 21:17 - 2015-03-04 09:17 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-02-16 21:17 - 2015-02-16 21:20 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Garmin 2015-02-15 21:32 - 2015-02-15 21:32 - 00000000 ____D () C:\Users\JB\Downloads\tools_v6.1.0 2015-02-15 21:27 - 2015-02-15 21:27 - 01798638 _____ () C:\Users\JB\Downloads\tools_v6.1.0.zip 2015-02-15 21:17 - 2015-02-15 21:17 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2015-02-15 21:17 - 2015-02-15 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-02-15 21:17 - 2015-02-12 16:54 - 00921144 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2015-02-15 21:17 - 2015-02-12 16:53 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2015-02-15 16:53 - 2015-02-15 17:24 - 2146169532 _____ () C:\Users\JB\Downloads\Die_lange_Stunksitzung_2015_15.02.15_00-15_wdr_180_TVOON_DE.mpg.avi 2015-02-15 12:26 - 2015-02-15 12:26 - 00011280 _____ () C:\Users\JB\Downloads\041001(30).xml 2015-02-15 12:19 - 2015-02-15 12:19 - 00001710 _____ () C:\Users\JB\Downloads\041000(19).xml 2015-02-15 12:18 - 2015-02-15 12:18 - 00013398 _____ () C:\Users\JB\Downloads\041001(29).xml 2015-02-15 12:07 - 2015-02-15 12:07 - 00013398 _____ () C:\Users\JB\Downloads\041001(28).xml 2015-02-15 11:52 - 2015-02-15 11:52 - 00001563 _____ () C:\Users\JB\Downloads\041000(18).xml 2015-02-14 16:32 - 2015-02-14 16:32 - 00002095 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-02-14 16:30 - 2015-02-14 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-02-14 16:29 - 2015-02-14 16:29 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-02-14 16:04 - 2015-02-14 16:16 - 00000000 ____D () C:\Users\JB\Desktop\WISO Steuer-Sparbuch 2015 2015-02-14 14:20 - 2015-02-14 14:20 - 00003025 _____ () C:\Users\JB\Desktop\DVR-Studio HD 3.lnk 2015-02-14 14:20 - 2015-02-14 14:20 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVR-Studio HD 3 2015-02-13 14:01 - 2015-02-13 14:01 - 00029084 _____ () C:\Users\JB\Downloads\enigma2-plugin-systemplugins-nfiflash_2.6git20090628-r1_mipsel.ipk 2015-02-12 22:06 - 2015-02-19 17:54 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Opera Software 2015-02-12 22:06 - 2015-02-19 17:54 - 00000000 ____D () C:\Users\JB\AppData\Local\Opera Software 2015-02-12 22:05 - 2015-02-19 17:55 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-12 22:05 - 2015-02-12 22:05 - 00713176 _____ (Opera Software) C:\Users\JB\Downloads\Opera_NI_stable.exe 2015-02-12 21:44 - 2015-02-12 21:44 - 00000000 ____D () C:\Users\JB\Documents\DM800_cccam 2015-02-12 21:42 - 2015-02-12 21:43 - 45193696 _____ () C:\Users\JB\Downloads\release-dm800-3.2.4.nfi 2015-02-12 16:53 - 2015-02-12 16:53 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll 2015-02-12 16:53 - 2015-02-12 16:53 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys 2015-02-12 16:53 - 2015-02-12 16:53 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2015-02-12 16:53 - 2015-02-12 16:53 - 00116744 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys 2015-02-12 10:50 - 2015-02-12 10:50 - 00928690 _____ () C:\Users\JB\Downloads\DreamUP133_11.zip 2015-02-12 08:48 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 08:48 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 08:48 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 08:48 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 08:48 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 08:48 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 08:48 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 08:48 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 08:48 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 08:48 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 08:48 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 08:48 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 08:48 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 08:48 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 08:48 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 08:48 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 08:48 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 08:48 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 08:48 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 08:48 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 08:48 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 08:48 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 08:48 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 08:48 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 08:48 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 08:48 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 08:48 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 08:48 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 08:48 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 08:48 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 08:48 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 08:48 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 08:48 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 08:48 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 08:48 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 08:48 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 08:48 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 08:48 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 08:48 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 08:48 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 08:48 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 08:48 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 08:48 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 08:48 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 08:48 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 08:48 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 08:48 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 08:48 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 08:48 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 08:48 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 08:48 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 08:48 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 08:48 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 08:48 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 08:48 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 08:48 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 08:48 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 08:48 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 08:48 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 08:48 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 08:48 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 08:48 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 08:48 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 08:48 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 08:48 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 08:48 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 08:48 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 08:48 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 08:48 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 08:48 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 08:48 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 08:48 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 08:48 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 08:48 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 08:48 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 08:48 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 08:48 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 08:48 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 08:48 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 08:48 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 08:48 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 08:48 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 08:48 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 08:48 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 08:47 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 08:47 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 08:47 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 08:47 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 08:47 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 08:47 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 08:47 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 08:47 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-09 20:54 - 2015-02-09 20:54 - 00000216 _____ () C:\Users\JB\Desktop\Dreambox WebControl.URL 2015-02-04 20:23 - 2015-02-04 20:23 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk 2015-02-04 20:23 - 2015-02-04 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro 2015-02-04 20:22 - 2015-02-04 20:22 - 00880784 _____ (Google Inc.) C:\Users\JB\Downloads\GoogleEarthProSetup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-04 12:45 - 2015-01-09 23:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-04 12:45 - 2014-10-20 07:35 - 00187298 _____ () C:\Windows\setupact.log 2015-03-04 12:45 - 2014-05-16 09:41 - 00000000 ____D () C:\ProgramData\VMware 2015-03-04 12:45 - 2014-01-12 20:34 - 00000000 ___RD () C:\Users\JB\Dropbox 2015-03-04 12:45 - 2014-01-12 20:18 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Dropbox 2015-03-04 12:45 - 2013-02-04 18:20 - 00000000 ____D () C:\Users\JB\.rainlendar2 2015-03-04 12:45 - 2013-02-04 16:50 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-04 12:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-04 12:44 - 2013-02-04 16:42 - 01521436 _____ () C:\Windows\WindowsUpdate.log 2015-03-04 12:44 - 2009-07-14 05:45 - 00031200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-04 12:44 - 2009-07-14 05:45 - 00031200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-04 12:43 - 2014-10-28 08:41 - 00004114 _____ () C:\Windows\DPINST.LOG 2015-03-04 12:43 - 2013-02-04 18:06 - 00098760 _____ (G Data Software) C:\Windows\system32\Drivers\TS4nt.sys 2015-03-04 12:43 - 2013-02-04 18:06 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2015-03-04 12:33 - 2012-09-02 08:02 - 00000000 ____D () C:\Users\JB 2015-03-04 12:32 - 2015-01-09 23:19 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000UA.job 2015-03-04 12:30 - 2013-08-19 13:27 - 00001039 _____ () C:\ProgramData\currdat.lst.tmp 2015-03-04 12:30 - 2013-08-19 13:27 - 00001039 _____ () C:\ProgramData\currdat.lst 2015-03-04 12:29 - 2013-06-19 05:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-04 12:27 - 2015-01-09 23:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-04 12:24 - 2013-02-05 01:35 - 00702138 _____ () C:\Windows\system32\perfh007.dat 2015-03-04 12:24 - 2013-02-05 01:35 - 00150804 _____ () C:\Windows\system32\perfc007.dat 2015-03-04 12:24 - 2009-07-14 06:13 - 01628890 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-04 12:17 - 2014-01-20 14:32 - 00000000 ____D () C:\Users\postgres 2015-03-04 12:16 - 2013-02-04 18:24 - 00000000 ____D () C:\Users\JB\AppData\Roaming\KeePass 2015-03-04 12:14 - 2014-03-05 13:53 - 00000600 _____ () C:\Users\JB\AppData\Roaming\winscp.rnd 2015-03-04 11:32 - 2015-01-09 23:19 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000Core.job 2015-03-04 10:00 - 2013-02-04 19:41 - 00000000 ____D () C:\WISO Mein Geld 2015-03-04 09:17 - 2014-02-11 13:05 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-03 20:41 - 2013-11-24 19:59 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-03-03 13:24 - 2013-02-05 09:56 - 00000000 ____D () C:\Users\JB\AppData\Local\FRITZ! 2015-03-03 08:50 - 2013-02-04 18:14 - 00098526 _____ () C:\Users\JB\Documents\JB_passwords.kdbx 2015-03-03 08:28 - 2014-10-20 07:35 - 00057110 _____ () C:\Windows\PFRO.log 2015-03-02 10:05 - 2013-02-05 10:17 - 00000000 ____D () C:\Users\JB\AppData\Roaming\HpUpdate 2015-03-01 19:34 - 2014-03-24 10:52 - 00000000 ____D () C:\AdwCleaner 2015-03-01 19:19 - 2014-03-24 10:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-01 15:07 - 2013-02-04 18:41 - 00000000 ____D () C:\temp 2015-02-28 19:53 - 2013-02-16 17:54 - 00000000 ____D () C:\Users\JB\AppData\Local\Nero 2015-02-28 15:14 - 2013-02-14 11:41 - 00000000 ____D () C:\Users\JB\AppData\Roaming\.oit 2015-02-28 12:40 - 2013-02-14 11:17 - 00000000 ____D () C:\Users\JB\.VirtualBox 2015-02-28 11:26 - 2013-02-14 10:57 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-27 22:50 - 2014-05-24 19:53 - 00000000 ____D () C:\Users\JB\AppData\Roaming\vlc 2015-02-26 22:22 - 2014-04-11 20:01 - 00000000 ____D () C:\Users\JB\AppData\Local\QuickPar 2015-02-26 08:29 - 2015-01-09 23:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-26 08:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-25 14:49 - 2015-01-26 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-25 14:49 - 2013-04-03 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-24 16:38 - 2013-06-22 17:26 - 00000000 ____D () C:\Users\Tim\.rainlendar2 2015-02-24 16:38 - 2013-05-29 13:25 - 00127424 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-22 19:24 - 2013-12-18 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack 2015-02-22 19:24 - 2013-12-18 12:25 - 00000000 ____D () C:\Program Files\WinHTTrack 2015-02-21 12:34 - 2014-03-11 10:33 - 00000000 ____D () C:\Users\JB\Documents\My Kindle Content 2015-02-19 17:48 - 2013-04-03 10:07 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Mozilla 2015-02-17 11:03 - 2014-01-20 20:58 - 00000000 ____D () C:\Users\JB\Desktop\hydroponic 2015-02-16 21:17 - 2013-03-11 10:06 - 00000000 ____D () C:\Program Files\DIFX 2015-02-15 21:58 - 2013-02-16 20:12 - 00000000 ____D () C:\Users\JB\AppData\Roaming\calibre 2015-02-15 21:21 - 2013-02-16 20:12 - 00000890 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-02-15 21:21 - 2013-02-16 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-02-15 21:21 - 2013-02-16 20:12 - 00000000 ____D () C:\Program Files\Calibre2 2015-02-15 11:40 - 2009-07-14 05:45 - 00465416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-14 16:32 - 2013-02-21 15:20 - 00000638 _____ () C:\Windows\wiso.ini 2015-02-14 16:32 - 2013-02-21 15:20 - 00000000 ____D () C:\Users\JB\AppData\Local\Buhl 2015-02-14 16:32 - 2013-02-04 18:39 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-02-14 16:30 - 2013-02-04 16:55 - 00127424 _____ () C:\Users\JB\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-14 16:29 - 2013-02-04 16:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-14 14:20 - 2013-05-19 17:51 - 00000000 ____D () C:\Program Files (x86)\DVR-STUDIO HD 3 2015-02-13 10:12 - 2013-04-08 12:16 - 00000000 ____D () C:\Users\JB\AppData\Local\Apple Computer 2015-02-13 10:12 - 2013-02-15 08:59 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Apple Computer 2015-02-13 09:01 - 2014-12-10 11:38 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-13 09:01 - 2014-05-06 21:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 10:50 - 2013-07-17 15:18 - 00936448 _____ (Dream Multimedia TV) C:\Users\JB\Downloads\DreamUP_1_3_3_11.exe 2015-02-12 08:46 - 2014-01-12 20:18 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 08:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-11 22:48 - 2013-02-07 12:03 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 22:45 - 2013-08-15 15:55 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 22:45 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini 2015-02-11 22:41 - 2013-02-04 17:11 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-10 15:46 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-09 20:20 - 2013-04-04 14:11 - 00000000 ____D () C:\Users\JB\BWINCOMPokerDir 2015-02-07 11:27 - 2015-01-09 23:19 - 00004072 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000UA 2015-02-07 11:27 - 2015-01-09 23:19 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000Core 2015-02-06 13:22 - 2015-01-09 23:16 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:22 - 2015-01-09 23:16 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 18:34 - 2013-06-19 05:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 18:34 - 2013-02-04 17:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 18:34 - 2013-02-04 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 12:11 - 2013-03-11 10:20 - 00000000 ____D () C:\Users\JB\Documents\Eigene PaperPort-Dokumente 2015-02-04 20:23 - 2015-01-09 23:16 - 00000000 ____D () C:\Program Files (x86)\Google ==================== Files in the root of some directories ======= 2013-09-27 14:24 - 2005-12-09 03:52 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI 2013-08-27 12:40 - 2013-08-27 12:42 - 0000159 ____H () C:\Users\JB\AppData\Roaming\eSReg.ini 2014-03-05 13:53 - 2015-03-04 12:14 - 0000600 _____ () C:\Users\JB\AppData\Roaming\winscp.rnd 2014-03-26 11:13 - 2014-12-08 13:02 - 0186304 _____ () C:\Users\JB\AppData\Local\ars.cache 2014-03-26 11:13 - 2014-12-08 16:48 - 0460091 _____ () C:\Users\JB\AppData\Local\census.cache 2013-02-25 12:45 - 2014-12-15 22:20 - 0051712 _____ () C:\Users\JB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-26 10:03 - 2014-03-26 10:03 - 0000036 _____ () C:\Users\JB\AppData\Local\housecall.guid.cache 2014-01-19 16:39 - 2014-01-21 09:50 - 0000128 _____ () C:\Users\JB\AppData\Local\MagicHoldem_SettingsPath.txt 2014-02-05 11:03 - 2014-02-05 11:03 - 0000041 _____ () C:\ProgramData\.SimImages 2014-12-15 22:19 - 2014-12-15 22:19 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-08-19 13:27 - 2015-03-04 12:30 - 0001039 _____ () C:\ProgramData\currdat.lst 2013-08-19 13:27 - 2015-03-04 12:30 - 0001039 _____ () C:\ProgramData\currdat.lst.tmp 2014-01-20 14:27 - 2014-01-20 14:27 - 0005052 _____ () C:\ProgramData\flwjycbm.bab 2013-08-19 12:58 - 2013-08-19 12:58 - 10485760 _____ () C:\ProgramData\WV5DataStore Files to move or delete: ==================== C:\Users\JB\AutoRun.exe C:\Users\JB\Runner.exe Some content of TEMP: ==================== C:\Users\JB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplxj_me.dll C:\Users\JB\AppData\Local\Temp\Execute2App.exe C:\Users\JB\AppData\Local\Temp\Kies3RemoveAll.exe C:\Users\JB\AppData\Local\Temp\msvcp90.dll C:\Users\JB\AppData\Local\Temp\msvcr90.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-12-13 11:56 ==================== End Of Log ============================ |
04.03.2015, 16:02 | #6 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt und das Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015 Ran by JB at 2015-03-04 12:36:41 Running from C:\Users\JB\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G DATA TOTAL PROTECTION (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G DATA TOTAL PROTECTION (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated) AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design) Amazon Cloud Player (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC) Amazon Kindle (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Amazon Kindle) (Version: - Amazon) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.2 - Angry IP Scanner) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audials (HKLM-x32\...\{9DDE35B3-AAD2-496F-84F0-66F66FCC49F7}) (Version: 11.0.46200.0 - Audials AG) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2003254526.48.56.38212986 - Audible, Inc.) avi.NET 3.5.1.0 (HKLM-x32\...\avi.NET 3.5.1.0) (Version: - ) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) Badaboom 2.0 (HKLM-x32\...\Badaboom2) (Version: 2.0 - Elemental Technologies) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) BOINC (HKLM\...\{D0183F8F-46BB-409F-9CD7-FB43F1A4279B}) (Version: 7.2.42 - Space Sciences Laboratory, U.C. Berkeley) Bouquet Editor Suite v1.22 Uninstall (HKLM-x32\...\Bouquet Editor Suite_is1) (Version: 1.2.2.0 - ) Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother) bwin Poker (HKLM-x32\...\bwincomPoker) (Version: - bwincom) calibre 64bit (HKLM\...\{5E838BAE-E05B-418D-ABBC-56C222E77435}) (Version: 2.19.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.34 - Abelssoft) ChromecastApp (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.) Citrix Online Launcher (HKLM-x32\...\{3318B54A-B5A8-49B1-8016-753DC6CAC63B}) (Version: 1.0.110 - Citrix) CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.) COMPUTERBILD-Abzockschutz (HKLM-x32\...\{AB592087-78A7-424D-A81F-98A922942F73}) (Version: 1.0.52 - J3S) COOLINGTECH SOFTWARE R&D CENTER (HKLM-x32\...\{99F9C248-7881-4F4B-8FA4-216F05287A9F}) (Version: 1.0.0.0 - COOLINGTECH SOFTWARE R&D CENTER) CoolingTech version 2.0 (HKLM-x32\...\{9D9DC4E4-BFFA-491B-9A25-25FBE27DF5A0}_is1) (Version: 2.0 - CoolingTech) CrystalDiskInfo 5.3.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.3.1 - Crystal Dew World) CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.5425 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.3402_45529 - CyberLink Corp.) CyberLink PowerProducer 5.5 (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.4118 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DiskBoss 4.8.32 (HKLM-x32\...\DiskBoss) (Version: 4.8.32 - Flexense Computing Systems Ltd.) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC) Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.) DreamBoxEdit -- The one and only settings editor for your Dreambox (HKLM-x32\...\DreamBoxEdit) (Version: - ) Dropbox (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version: - Gearbox Software) DVR-Studio HD 3 (HKLM-x32\...\{E93B2BED-6583-4847-BBFD-A60C00508E91}) (Version: 3.0 - Haenlein-Software) DVR-Transfer Dreambox (HKLM-x32\...\{BD60F72E-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version: - Haenlein Software) EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Ext2Fsd 0.53 (HKLM\...\Ext2Fsd_is1) (Version: 0.53 - Matt Wu) Folderico 4.0 RC12 (HKLM-x32\...\Folderico) (Version: 4.0 RC12 - Shedko ( www.softq.org )) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Free Video to Samsung Phones Converter version 5.0.28.827 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.) FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin) FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin) FUJITSU Scanner USB HotFix (HKLM-x32\...\{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}) (Version: 1.00.0000 - PFU) G DATA TOTAL PROTECTION (HKLM-x32\...\{6715BEB5-01F1-41AC-B44B-0A78CD50C433}) (Version: 25.0.2.3 - G DATA Software AG) Garmin Express (HKLM-x32\...\{c222089d-e1b2-4e0e-876b-b8d197333598}) (Version: 4.0.6.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.6.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.6.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.74 - Google Inc.) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GoToMeeting 5.7.0.1172 (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline) HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - ) Heavy Weather Pro WS 2800 EU (HKLM-x32\...\Heavy Weather Pro WS 2800_is1) (Version: - LaCrosse Technology EU) Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.) HomeMatic Config (x32 Version: 1.506 - eQ-3 Entwicklung GmbH) Hidden HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company) HP Officejet Pro 276dw MFP - Grundlegende Software für das Gerät (HKLM\...\{464BE3CC-B845-474F-A377-408F417050E9}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) HP Officejet Pro 276dw MFP Hilfe (HKLM-x32\...\{C57FD65E-430E-4922-92F7-A8B529769A55}) (Version: 29.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IP Camera Client (HKLM-x32\...\{73B21EB1-4610-4191-9B2D-22CB3B8A693D}) (Version: 1.0.7 - Foscam) IP Camera Tool (HKLM-x32\...\{0C141E39-BFED-40B3-ADA2-C58A6DC055E5}) (Version: 1.00.0000 - IP Camera Tool) IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JFD Brokers MetaTrader 4 (HKLM-x32\...\JFD Brokers MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.) JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.59.0 - JMicron Technology Corp.) KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Mathemakustik Version 1.3.2.2 (HKLM-x32\...\Mathemakustik_is1) (Version: 1.3.2.2 - be-amazed) Microscope 3.5e (HKLM-x32\...\Microscope) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 12 (HKLM-x32\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG) Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG) Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG) NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Nuance Cloud Connector (HKLM-x32\...\{4C99EAAA-A846-4029-B500-312C5937D714}) (Version: 3.2.1026 - Nuance Communications, Inc.) Nuance OmniPage Ultimate (HKLM-x32\...\{419512F9-D5E7-4ED2-BF99-E7F2C0176B6A}) (Version: 19.00.0000 - Nuance Communications, Inc.) Nuance PaperPort 14 (HKLM-x32\...\{B2E8EFDC-E4FF-42A8-B305-FE06D29BB33C}) (Version: 14.5.0000 - Nuance Communications, Inc.) Nuance PDF Create 8 (HKLM\...\{D8AD8411-A273-4560-B756-A418ED4910AD}) (Version: 8.10.6293 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{5B28CD4A-ADCF-4B39-BB67-F2F398818F2F}) (Version: 7.20.3208 - Nuance Communications, Inc.) NVIDIA 3D Vision Controller-Treiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation) NVIDIA CUDA Toolkit v5.0 (64 bit) (HKLM\...\{03EF0B6E-6C0F-4939-9E3B-58A75C850A10}) (Version: 5.0.35.3 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.) P2PFilter 3.0.5 (HKLM-x32\...\P2PFilter) (Version: 3.0.5 - SopCast.com) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.) Paragon ExtFS for Windows (HKLM-x32\...\DokanLibrary) (Version: - ) PDF-Analyzer 3.5 (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\PDF-Analyzer 3.5) (Version: - ) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Plustek SmartOffice PS286 (HKLM-x32\...\{D9A717D8-6C94-43EA-9E83-7C2A5B7DFA65}) (Version: 4.0.1 - ) PostgreSQL 9.0 (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Protector Suite 2011 (HKLM\...\{343ECC49-09E4-4E4B-88A3-93F03B1E2714}) (Version: 5.9.6.7124 - Authentec Inc.) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Scanner Utility for Microsoft Windows V09L21 (HKLM-x32\...\{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}) (Version: 9.11.2.0 - FUJITSU) Scansoft PDF Professional (x32 Version: - ) Hidden SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Smart Cutter (HKLM-x32\...\{F98B37D9-AF2A-4CD3-8215-0C2F509F8FAE}) (Version: 1.8.6 - FameRing) Software Operation Panel (HKLM-x32\...\{28A0ED9D-73BF-4F9D-8CDC-A2FD3E96B6E8}) (Version: 3.5.20.0 - PFU LIMITED) SopCast 3.2.9 (HKLM-x32\...\SopCast) (Version: 3.2.9 - www.sopcast.com) SSD Fresh (HKLM-x32\...\SSD Fresh_is1) (Version: 2013 - Abelssoft) SSD Tweaker version 3.4 (HKLM-x32\...\{83FA601A-241A-4956-8A21-F7D525C4422F}_is1) (Version: 3.4 - Elpamsoft.com) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team) Steuer 2012 (HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) TreeSize Personal V6.1.1 (HKLM-x32\...\TreeSize Personal_is1) (Version: 6.1.1 - JAM Software) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.122 - TuneUp Software) Hidden Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) TV-Browser 3.4 (HKLM-x32\...\tvbrowser) (Version: 3.4 - TV-Browser Team) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VirusTotal Uploader 2.0 (HKLM-x32\...\VirusTotalUploader2.0) (Version: - ) VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.2 - VMware, Inc) VMware Player (Version: 6.0.2 - VMware, Inc.) Hidden Weather Display 8.27m Aprs lite (HKLM-x32\...\Weather Display_is1) (Version: - ) Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Home Server 2011 Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.1.8800.16400 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Product Image (05/21/2009 3.0.0.0) (HKLM\...\2457CA397D0AF83EE779A5C826EA65022CE724B5) (Version: 05/21/2009 3.0.0.0 - Product) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl) Wireshark 1.12.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.1 - The Wireshark developer community, hxxp://www.wireshark.org) WISO Mein Geld 2014 Professional (HKLM-x32\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{AE033508-A74B-455D-A428-F1A518F70A46}) (Version: 22.00.8811 - Buhl Data Service GmbH) WsWin V2.97.7 - 2013-06-11 (HKLM-x32\...\PC-Wetterstation_is1) (Version: 2.97.7 - Werner Krenn) Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{2F5DA951-82C6-471e-90BD-CAB15552A932}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1172\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\JB\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JB\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4163750108-508488768-3939969033-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 04-03-2015 09:17:27 Garmin Express ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-12-28 17:05 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0164E513-66D8-44F5-A3DA-FDA3C3340E7F} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {10269AC6-CE25-4DE3-893B-1266E0DAC871} - System32\Tasks\Google Updater and Installer => C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.) Task: {15A2F664-6FA5-4A7E-AE42-A49A6BAA3104} - System32\Tasks\{027CFA03-B345-4781-87EC-24AE440BB330} => pcalua.exe -a "C:\Program Files (x86)\TubeSaver-1\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013" -c /fromcontrolpanel=1 Task: {17D50833-A20B-4ADA-A36B-48A3B208F71A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.) Task: {1B589414-FA81-4B56-8C9B-0DB7B411A9C8} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.) Task: {1D5A07A5-89B8-4E90-9993-C8CB217D5F04} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {2796F20C-F62B-41D4-BEEA-5820F4E43092} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {365EDE13-E0B1-40B5-BADF-5D30B7E4346F} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10] () Task: {389B8867-E745-4C66-A216-AE9C7A80F66A} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {3DC85083-2560-4F93-BACC-F6E7DF8439F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000UA => C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.) Task: {43DA180C-2203-4486-ACC8-3955BB1F542C} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {4979CDAF-A8F9-4D26-BEEC-1B7A5376BBD5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {4E75D7A5-B214-42B6-9472-71819B5F2D2F} - System32\Tasks\{31484832-4655-4795-80F4-8DD181C69E86} => pcalua.exe -a C:\Users\JB\Downloads\VirtualBox-4.3.20-96997-Win.exe -d C:\Users\JB\Downloads Task: {53242608-55B7-4CE2-8034-A842628823E2} - System32\Tasks\{A5231381-5934-47C6-8517-DDD3E1BADCB2} => C:\Users\JB\Downloads\physdiskwrite-0.5.2-PhysGUI-bundle\PhysGUI.exe [2009-02-17] () Task: {55520C63-62B2-4E94-9402-B7EDAD1F3B51} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {5A07B439-C23C-4733-9886-488ACD734DC7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000Core => C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.) Task: {5EF603F2-FF1D-4204-833C-7C07BE180AF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {605A8445-FF8B-4BB4-9BC3-903030C816C3} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {71B6977D-260C-458C-87DB-CA49C0EED15A} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard) Task: {80884C7D-9DA8-4638-808F-5183973459CD} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {89030A12-E800-4FE0-A061-5D5F96DE208E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {8BD60100-38CA-4031-A1E1-A29370442569} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.) Task: {8C71289D-3AC8-4A04-8104-492741952CF1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {91A41722-746F-44BC-BC9B-67CAAE9870BE} - System32\Tasks\{7EDCA208-679A-48A3-AAEA-F39F2895351A} => pcalua.exe -a C:\Users\JB\Downloads\VirtualBox-4.3.8-92456-Win.exe -d C:\Users\JB\Downloads Task: {A4BF5A27-6F79-4185-B963-6F74B7F21FF2} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {A6A97066-5697-43E7-AFF0-84E3730199E3} - System32\Tasks\{16858776-B269-4A43-AF07-A155411CF82E} => pcalua.exe -a C:\Users\JB\Downloads\Saitek_Cyborg_Evo_Force_SD6_64(1).exe -d C:\Users\JB\Downloads Task: {B9F9E9C5-69AC-478D-B84F-A9679520DC87} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {BB2533A0-27EA-434F-B9F2-17582D367FE2} - System32\Tasks\{082CF606-7DAD-4901-AB6E-46D4EEF212D5} => pcalua.exe -a C:\Users\JB\Downloads\SetupHD3(1).exe -d C:\Users\JB\Downloads Task: {BC150AB0-C2B9-4F7C-99A2-96BAF076514F} - System32\Tasks\Microsoft\Windows\Windows Server\Backup_On_Idle => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {C0B2F07B-9DA4-408C-9BCB-59ADBF82814C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {C3505487-7DA3-4333-A743-04A89DC3F59F} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {C6C8CF58-6F3C-42EC-82C8-8C08161A4751} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation) Task: {CF8A5791-29AE-48AD-8CCD-7D4F5BDB2DBF} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-10-04] (CyberLink) Task: {E6FB7BED-B315-4A14-B3F2-6C363EC3041A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {E7D8DCF1-3B93-4327-8091-2C3F9FA32DD1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated) Task: {ED3B3653-E063-489B-A181-181964EA905A} - System32\Tasks\{4925E4D5-B7AB-4EBF-BDA2-3A9DA0873B3A} => pcalua.exe -a C:\Users\JB\Downloads\HiJackThis204.exe -d C:\Users\JB\Downloads Task: {EF320C40-2ECE-401D-8703-3BC9403484B2} - System32\Tasks\Paragon ExtFS for Windows => C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Paragon ExtFS for Windows.exe [2013-11-29] () Task: {F4F18361-32CE-47F2-887A-CC8CCD6DB69B} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-11-05] (CHIP) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000Core.job => C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000UA.job => C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-02-05 09:56 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2013-02-05 09:56 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2014-11-13 12:32 - 2014-11-03 23:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-07-23 08:41 - 2014-07-23 08:41 - 00114688 _____ () C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe 2013-08-13 10:34 - 2013-08-13 10:34 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe 2013-02-14 17:31 - 2014-02-11 18:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-01-20 14:31 - 2012-09-21 08:55 - 00217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll 2014-01-20 14:32 - 2012-08-14 13:02 - 02258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2014-03-16 18:42 - 2014-03-16 18:42 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe 2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll 2014-03-14 11:24 - 2014-03-14 11:24 - 00324608 _____ () C:\Program Files\Rainlendar2\libical.dll 2014-03-16 18:42 - 2014-03-16 18:42 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll 2014-03-14 11:24 - 2014-03-14 11:24 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll 2014-03-16 18:44 - 2014-03-16 18:44 - 00346208 _____ () C:\Program Files\Rainlendar2\plugins\GoogleCalendarPlugin.dll 2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll 2009-11-10 18:09 - 2009-11-10 18:09 - 00157184 _____ () C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUpload2.exe 2014-07-23 08:33 - 2014-07-23 08:33 - 02408448 _____ () C:\Program Files (x86)\DiskBoss\bin\libdbs.dll 2014-07-23 08:31 - 2014-07-23 08:31 - 00720896 _____ () C:\Program Files (x86)\DiskBoss\bin\libpal.dll 2013-08-19 12:58 - 2009-08-27 19:04 - 00159744 _____ () C:\Program Files (x86)\HeavyWeatherWV5\sHID.dll 2014-04-14 15:41 - 2014-04-14 15:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\JB\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 12:18 - 2015-03-04 12:18 - 00043008 _____ () c:\users\jb\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg3cgkv.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\JB\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\JB\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\JB\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-01-26 17:50 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll 2014-10-16 09:49 - 2014-10-16 09:49 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll 2013-02-04 16:46 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB AlternateDataStreams: C:\ProgramData\TEMP:A303874F AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3 AlternateDataStreams: C:\Users\JB\Downloads\Kundenkonto_gesperrt.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4163750108-508488768-3939969033-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-4163750108-508488768-3939969033-500 - Administrator - Disabled) Gast (S-1-5-21-4163750108-508488768-3939969033-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4163750108-508488768-3939969033-1003 - Limited - Enabled) JB (S-1-5-21-4163750108-508488768-3939969033-1000 - Administrator - Enabled) => C:\Users\JB postgres (S-1-5-21-4163750108-508488768-3939969033-1010 - Limited - Enabled) => C:\Users\postgres Tim (S-1-5-21-4163750108-508488768-3939969033-1009 - Limited - Enabled) => C:\Users\Tim ==================== Faulty Device Manager Devices ============= Name: WPD-Dateisystem-Volumetreiber Description: WPD-Dateisystem-Volumetreiber Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Microsoft Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/04/2015 00:19:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/04/2015 00:18:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Launchpad.exe, Version: 6.1.8800.16400, Zeitstempel: 0x5094946f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0x1b54 Startzeit der fehlerhaften Anwendung: 0xLaunchpad.exe0 Pfad der fehlerhaften Anwendung: Launchpad.exe1 Pfad des fehlerhaften Moduls: Launchpad.exe2 Berichtskennung: Launchpad.exe3 Error: (03/04/2015 00:18:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Launchpad.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: Server stack trace: bei System.Configuration.ConfigurationManager.GetSection(String sectionName) bei System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath) bei System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath) bei System.ServiceModel.Diagnostics.MessageLogger.Initialize() bei System.ServiceModel.Diagnostics.MessageLogger.EnsureInitialized() bei System.ServiceModel.Diagnostics.MessageLogger.get_LogMessagesAtServiceLevel() bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc) bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry.Query(Microsoft.WindowsServerSolutions.Common.ProviderFramework.QuerySpecification) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy+<>c__DisplayClassf.<QueryList>b__e() bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryConnectionMgmt`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].WaitAndExecuteOperation[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Func`1<System.__Canon>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy.QueryList(System.Func`2<Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry,System.Collections.Generic.IList`1<Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo>>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncProviderQuerySender.DoQuery(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (03/04/2015 08:28:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Launchpad.exe, Version: 6.1.8800.16400, Zeitstempel: 0x5094946f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0xLaunchpad.exe0 Pfad der fehlerhaften Anwendung: Launchpad.exe1 Pfad des fehlerhaften Moduls: Launchpad.exe2 Berichtskennung: Launchpad.exe3 Error: (03/04/2015 08:28:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Launchpad.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: Server stack trace: bei System.Configuration.ConfigurationManager.GetSection(String sectionName) bei System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath) bei System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath) bei System.ServiceModel.Diagnostics.MessageLogger.Initialize() bei System.ServiceModel.Diagnostics.MessageLogger.EnsureInitialized() bei System.ServiceModel.Diagnostics.MessageLogger.get_LogMessagesAtServiceLevel() bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc) bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry.Query(Microsoft.WindowsServerSolutions.Common.ProviderFramework.QuerySpecification) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy+<>c__DisplayClassf.<QueryList>b__e() bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryConnectionMgmt`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].WaitAndExecuteOperation[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Func`1<System.__Canon>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy.QueryList(System.Func`2<Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry,System.Collections.Generic.IList`1<Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo>>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncProviderQuerySender.DoQuery(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (03/04/2015 08:24:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/03/2015 03:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/03/2015 03:39:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Launchpad.exe, Version: 6.1.8800.16400, Zeitstempel: 0x5094946f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0x1e58 Startzeit der fehlerhaften Anwendung: 0xLaunchpad.exe0 Pfad der fehlerhaften Anwendung: Launchpad.exe1 Pfad des fehlerhaften Moduls: Launchpad.exe2 Berichtskennung: Launchpad.exe3 Error: (03/03/2015 03:39:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Launchpad.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: bei System.Configuration.ConfigurationManager.GetSection(System.String) bei System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(System.String) bei System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetSectionNoTrace(System.String) bei System.ServiceModel.Diagnostics.TraceUtility.SetEtwProviderId() bei System.ServiceModel.ChannelFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.Type) bei System.ServiceModel.DuplexChannelFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.Object, System.ServiceModel.Description.ServiceEndpoint) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.Internal.ProviderFrameworkConfigurator.GetDuplexChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.ICollection`1<System.ServiceModel.Description.IEndpointBehavior>, Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryClient.GetDuplexChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryClient.CreateWithCallback[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncConnector`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Connect(Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.ProviderConnectionInfo) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderConnector`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.IProviderQueryListener.HandleResult(Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (03/03/2015 08:30:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/04/2015 09:17:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/03/2015 07:51:33 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "M:" den Befehl "chkdsk" aus. Error: (03/03/2015 07:51:33 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "\Device\HarddiskVolume11" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (03/03/2015 02:22:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/03/2015 02:22:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Personal Firewall erreicht. Error: (03/03/2015 02:22:52 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053GDFwSvc-Service{1DED95CA-C567-464A-B405-087EDDF0B095} Error: (03/03/2015 08:29:37 AM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unerwarteter Fehler. Fehlercode: D@01010004 Error: (03/02/2015 10:22:42 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Die Anforderung wird nicht unterstützt.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0EJECTXX XX XX XX Error: (03/02/2015 10:22:20 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Die Anforderung wird nicht unterstützt.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0EJECTXX XX XX XX Error: (03/02/2015 10:22:12 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Die Anforderung wird nicht unterstützt.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0EJECTXX XX XX XX Microsoft Office Sessions: ========================= Error: (03/04/2015 00:19:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/04/2015 00:18:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Launchpad.exe6.1.8800.164005094946fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d1b5401d0566ce8089083C:\Program Files\Windows Server\Bin\Launchpad.exeC:\Windows\system32\KERNELBASE.dll26efaee7-c260-11e4-a351-005056c00008 Error: (03/04/2015 00:18:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Launchpad.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: Server stack trace: bei System.Configuration.ConfigurationManager.GetSection(String sectionName) bei System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath) bei System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath) bei System.ServiceModel.Diagnostics.MessageLogger.Initialize() bei System.ServiceModel.Diagnostics.MessageLogger.EnsureInitialized() bei System.ServiceModel.Diagnostics.MessageLogger.get_LogMessagesAtServiceLevel() bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc) bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry.Query(Microsoft.WindowsServerSolutions.Common.ProviderFramework.QuerySpecification) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy+<>c__DisplayClassf.<QueryList>b__e() bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryConnectionMgmt`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].WaitAndExecuteOperation[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Func`1<System.__Canon>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy.QueryList(System.Func`2<Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry,System.Collections.Generic.IList`1<Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo>>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncProviderQuerySender.DoQuery(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (03/04/2015 08:28:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Launchpad.exe6.1.8800.164005094946fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d58c01d0564cc5cae663C:\Program Files\Windows Server\Bin\Launchpad.exeC:\Windows\system32\KERNELBASE.dll04cc33c7-c240-11e4-8923-005056c00008 Error: (03/04/2015 08:28:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Launchpad.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: Server stack trace: bei System.Configuration.ConfigurationManager.GetSection(String sectionName) bei System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(String sectionPath) bei System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetAssociatedSection(ContextInformation evalContext, String sectionPath) bei System.ServiceModel.Diagnostics.MessageLogger.Initialize() bei System.ServiceModel.Diagnostics.MessageLogger.EnsureInitialized() bei System.ServiceModel.Diagnostics.MessageLogger.get_LogMessagesAtServiceLevel() bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc) bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry.Query(Microsoft.WindowsServerSolutions.Common.ProviderFramework.QuerySpecification) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy+<>c__DisplayClassf.<QueryList>b__e() bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryConnectionMgmt`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].WaitAndExecuteOperation[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Func`1<System.__Canon>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryProxy.QueryList(System.Func`2<Microsoft.WindowsServerSolutions.Common.ProviderFramework.IProviderRegistry,System.Collections.Generic.IList`1<Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo>>) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncProviderQuerySender.DoQuery(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (03/04/2015 08:24:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/03/2015 03:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/03/2015 03:39:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Launchpad.exe6.1.8800.164005094946fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d1e5801d055bfd124d43cC:\Program Files\Windows Server\Bin\Launchpad.exeC:\Windows\system32\KERNELBASE.dll10c19693-c1b3-11e4-9bd3-005056c00008 Error: (03/03/2015 03:39:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Launchpad.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: bei System.Configuration.ConfigurationManager.GetSection(System.String) bei System.ServiceModel.Activation.AspNetEnvironment.UnsafeGetSectionFromConfigurationManager(System.String) bei System.ServiceModel.Configuration.ConfigurationHelpers.UnsafeGetSectionNoTrace(System.String) bei System.ServiceModel.Diagnostics.TraceUtility.SetEtwProviderId() bei System.ServiceModel.ChannelFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.Type) bei System.ServiceModel.DuplexChannelFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.Object, System.ServiceModel.Description.ServiceEndpoint) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.Internal.ProviderFrameworkConfigurator.GetDuplexChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.ICollection`1<System.ServiceModel.Description.IEndpointBehavior>, Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryClient.GetDuplexChannelFactory[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistryClient.CreateWithCallback[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo, System.Object, System.Net.NetworkCredential) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.AsyncConnector`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Connect(Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.ProviderConnectionInfo) bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderConnector`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.IProviderQueryListener.HandleResult(Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderInfo) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (03/03/2015 08:30:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2700K CPU @ 3.50GHz Percentage of memory in use: 23% Total physical RAM: 16365.7 MB Available physical RAM: 12506.74 MB Total Pagefile: 32729.58 MB Available Pagefile: 24131.23 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:18.73 GB) NTFS Drive d: (cruical) (Fixed) (Total:119.23 GB) (Free:35.5 GB) NTFS Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Volume) (Fixed) (Total:1346.16 GB) (Free:106.9 GB) NTFS Drive g: (Recover) (Fixed) (Total:50 GB) (Free:30.63 GB) NTFS Drive i: (sicherung) (Fixed) (Total:1863.01 GB) (Free:71.81 GB) NTFS Drive l: (INTENSO) (Fixed) (Total:465.76 GB) (Free:8.97 GB) NTFS Drive t: () (Network) (Total:2793.53 GB) (Free:451.77 GB) Drive v: () (Network) (Total:1397.66 GB) (Free:1312.12 GB) Drive y: (Disk_3) (Network) (Total:1863.01 GB) (Free:943.5 GB) NTFS Drive z: (Disk_3) (Network) (Total:1863.01 GB) (Free:943.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 687F2BAA) Partition 1: (Not Active) - (Size=119.2 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5E329BA2) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1346.2 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FC634A90) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 238.5 GB) (Disk ID: 43E72941) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 465.8 GB) (Disk ID: 5C99A7D6) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.03.2015, 11:52 | #7 |
/// TB-Ausbilder | Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklicktHinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall TuneUp Utilities 2014, CCleaner. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Downloade Dir bitte Malwarebytes Anti-Malware
Starte noch einmal FRST.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
06.03.2015, 22:19 | #8 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt hier sind die logfiles (den Malwarebytes hab ich 'versehentlich' schon vor zwei tagen laufen lassen; daher zwei logs hiervon): adwcleaner: Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 05/03/2015 um 14:59:53 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-03-02.3 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64) # Benutzername : JB - JB-PC # Gestarted von : C:\Users\JB\Downloads\adwcleaner_4.111(2).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Personal Utilities\Brother Driver Deployment Wizard\Deinstallieren.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17631 -\\ Mozilla Firefox v36.0 (x86 de) -\\ Google Chrome v41.0.2272.74 ************************* AdwCleaner[R1].txt - [851 Bytes] - [24/03/2014 13:25:24] AdwCleaner[R2].txt - [3040 Bytes] - [01/03/2015 17:25:03] AdwCleaner[R3].txt - [1051 Bytes] - [01/03/2015 19:33:15] AdwCleaner[R4].txt - [1940 Bytes] - [05/03/2015 14:51:49] AdwCleaner[S1].txt - [911 Bytes] - [24/03/2014 14:01:54] AdwCleaner[S2].txt - [2762 Bytes] - [01/03/2015 17:26:33] AdwCleaner[S3].txt - [1968 Bytes] - [05/03/2015 14:59:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2027 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Ultimate x64 Ran by JB on 06.03.2015 at 12:21:29,84 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\JB\AppData\Roaming\mozilla\firefox\profiles\8l7plzzj.default-1417879077939\minidumps [18 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.03.2015 at 12:27:42,68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.03.2015 Suchlauf-Zeit: 20:30:28 Logdatei: mbam_04_03-2015.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.04.05 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: JB Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 459076 Verstrichene Zeit: 7 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 1 Trojan.Agent.QAZ, HKU\S-1-5-21-4163750108-508488768-3939969033-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msdbf7fcf46.exe, "C:\Users\JB\AppData\Roaming\Microsoft\msdbf7fcf46.exe", In Quarantäne, [c9bc5de48dfd1b1bdb8ab9e65ca7916f] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.03.2015 Suchlauf-Zeit: 12:33:46 Logdatei: mbam_06_03_2015.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.06.03 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: JB Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 459904 Verstrichene Zeit: 7 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015 Ran by JB (administrator) on JB-PC on 06-03-2015 22:15:43 Running from C:\Users\JB\Downloads Loaded Profiles: JB & postgres (Available profiles: JB & Tim & postgres) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe () C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (PFU LIMITED) C:\Windows\twain_32\fjscan32\FJTWMKSV.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (G DATA Software) C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe (LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Authentec Inc.) C:\Program Files\Protector Suite\psqltray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe (G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\HPNetworkCommunicatorCom.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFViewer\PdfPro7Hook.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Create 8\PdfCreate8Hook.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-10] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [85320 2012-02-13] (Authentec Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe, Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] () HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Run: [HP Officejet Pro 276dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) HKU\S-1-5-21-4163750108-508488768-3939969033-1000\...\Policies\system: [DisableLockWorkstation] 0 IFEO\gladinetclient.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\gladlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\gtaskmmc.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\paragon extfs for windows.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\woshiddenlauncher32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll (Gladinet, INC) ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll (Gladinet, INC) ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (Authentec Inc.) ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (Authentec Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll (Gladinet, INC) ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll (Gladinet, INC) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4163750108-508488768-3939969033-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4163750108-508488768-3939969033-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4163750108-508488768-3939969033-1010 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll (Zeon Corporation) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll (Zeon Corporation) DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://192.168.178.32/aplugLiteDL.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\8l7plzzj.default-1417879077939 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll (Zeon Corporation) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: @citrixonline.com/appdetectorplugin -> C:\Users\JB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JB\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JB\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-4163750108-508488768-3939969033-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Extension: Adblock Plus - C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\8l7plzzj.default-1417879077939\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26] FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] Chrome: ======= CHR Profile: C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09] CHR Extension: (Google Docs) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09] CHR Extension: (Google Drive) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09] CHR Extension: (YouTube) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09] CHR Extension: (Google Cast) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-09] CHR Extension: (Google Search) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09] CHR Extension: (Google Sheets) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-02-10] CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2015-01-09] CHR Extension: (Google Wallet) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09] CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2015-01-09] CHR Extension: (Gmail) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09] CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18] CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-02-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink) R2 DiskBoss Service; C:\Program Files (x86)\DiskBoss\bin\diskbsa.exe [114688 2014-07-23] () [File not signed] R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2013-08-13] () [File not signed] R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [693256 2015-03-02] (Garmin Ltd. or its subsidiaries) R2 GDBackupSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [3844216 2014-08-21] (G Data Software AG) R3 GDFwSvc; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S3 GDTunerSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [1637496 2014-05-28] (G Data Software AG) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) S4 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2013-03-22] (Gladinet, INC) R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed] S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-05] (Nuance Communications, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-11] () R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed] R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation) R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 TSNxGService; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation) R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1843712 2011-01-18] (LaCrosse Technology) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [237056 2010-03-24] (AVEO Corp) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2013-08-13] (Windows (R) Win 7 DDK provider) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (www.ext2fsd.com) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-06-27] (G Data Software AG) R3 gddcd; C:\Windows\system32\drivers\gddcd64.sys [79872 2014-10-13] (G Data Software AG) R1 gddcv; C:\Windows\system32\drivers\gddcv64.sys [59904 2014-10-13] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-10-28] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-08-12] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-06-27] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-03-04] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-04] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-06-27] (G Data Software AG) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-21] (Intel Corporation) R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-12-04] (Audials AG) S3 SaiHFFB5; C:\Windows\System32\DRIVERS\SaiHFFB5.sys [171144 2007-05-01] (Saitek) S3 SaiIFFB5; C:\Windows\System32\DRIVERS\SaiIFFB5.sys [20608 2007-05-01] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated) R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-08-19] (AuthenTec, Inc.) R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [98760 2015-03-04] (G Data Software) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116744 2015-03-02] (Oracle Corporation) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-06 22:13 - 2015-03-06 22:13 - 00001452 _____ () C:\Users\JB\Desktop\mbam_04_03-2015.txt 2015-03-06 22:13 - 2015-03-06 22:13 - 00001209 _____ () C:\Users\JB\Desktop\mbam_06_03_2015.txt 2015-03-06 21:29 - 2015-03-06 21:30 - 1259798528 _____ () C:\Users\JB\Downloads\20141217 2103 - TNT Serie - Klondike - S00E06 - Folge 6.ts 2015-03-06 13:09 - 2015-03-06 13:09 - 00000000 ____D () C:\Windows\Sun 2015-03-06 12:45 - 2015-03-06 12:45 - 00049796 _____ () C:\Users\JB\Downloads\Addition.txt 2015-03-06 12:43 - 2015-03-06 12:43 - 00001213 _____ () C:\malwarebyte20150306.txt 2015-03-06 12:32 - 2015-03-06 12:32 - 00001313 _____ () C:\malwarebyte20150304.txt 2015-03-06 12:30 - 2015-03-06 12:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JB\Downloads\mbam-setup-2.0.4.1028(2).exe 2015-03-06 12:27 - 2015-03-06 12:27 - 00001681 _____ () C:\Users\JB\Desktop\JRT.txt 2015-03-06 12:20 - 2015-03-06 12:20 - 01388333 _____ (Thisisu) C:\Users\JB\Downloads\JRT.exe 2015-03-05 22:18 - 2015-03-05 22:18 - 00001043 _____ () C:\Users\Public\Desktop\SSD Tweaker.lnk 2015-03-05 22:12 - 2015-03-05 22:12 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2015-03-05 22:12 - 2015-03-05 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2015-03-05 22:04 - 2015-03-05 22:04 - 17084815 _____ (SWE Sven Ritter ) C:\Users\JB\Downloads\intel_rapid_storage_11x.exe 2015-03-05 22:04 - 2015-03-05 22:04 - 17084815 _____ (SWE Sven Ritter ) C:\Users\JB\Downloads\intel_rapid_storage_11x(1).exe 2015-03-05 22:02 - 2015-03-05 22:02 - 01665717 _____ (SWE Sven Ritter ) C:\Users\JB\Downloads\bio7667_ahci.exe 2015-03-05 21:13 - 2015-03-05 21:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 20:58 - 2015-03-05 20:58 - 00001384 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 10.2.lnk 2015-03-05 20:58 - 2015-03-05 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.2 2015-03-05 20:58 - 2014-11-18 14:46 - 03384928 _____ () C:\Windows\system32\BootMan.exe 2015-03-05 20:58 - 2014-11-18 14:46 - 02502240 _____ () C:\Windows\SysWOW64\BootMan.exe 2015-03-05 20:58 - 2014-11-18 14:46 - 00021088 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll 2015-03-05 20:58 - 2014-11-18 14:46 - 00017504 _____ () C:\Windows\system32\EuEpmGdi.dll 2015-03-05 20:58 - 2014-11-18 14:39 - 00018528 _____ () C:\Windows\system32\epmntdrv.sys 2015-03-05 20:58 - 2014-11-18 14:39 - 00014944 _____ () C:\Windows\SysWOW64\epmntdrv.sys 2015-03-05 20:58 - 2014-11-18 14:39 - 00010848 _____ () C:\Windows\system32\EuGdiDrv.sys 2015-03-05 20:58 - 2014-11-18 14:39 - 00010208 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys 2015-03-05 20:58 - 2014-11-18 14:38 - 00101984 _____ () C:\Windows\system32\setupempdrvx64.exe 2015-03-05 20:58 - 2014-11-18 14:38 - 00088160 _____ () C:\Windows\SysWOW64\setupempdrv03.exe 2015-03-05 20:54 - 2015-03-05 20:55 - 30603720 _____ (EaseUS ) C:\Users\JB\Downloads\epm.exe 2015-03-05 14:59 - 2015-03-05 14:59 - 00002115 _____ () C:\Users\JB\Desktop\AdwCleaner[S3].txt 2015-03-05 14:58 - 2015-03-05 14:58 - 09145849 _____ (SWE Sven Ritter ) C:\Users\JB\Downloads\usb3renvstw7.exe 2015-03-05 14:51 - 2015-03-05 14:51 - 02126848 _____ () C:\Users\JB\Downloads\adwcleaner_4.111(2).exe 2015-03-05 13:34 - 2015-03-05 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-03-05 13:34 - 2015-03-02 15:20 - 00922168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2015-03-05 13:34 - 2015-03-02 15:18 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2015-03-05 12:35 - 2015-03-05 12:36 - 111197384 _____ (Oracle Corporation) C:\Users\JB\Downloads\VirtualBox-4.3.24-98716-Win.exe 2015-03-05 10:51 - 2015-03-05 10:51 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-03-05 10:51 - 2015-03-05 10:51 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-03-05 10:51 - 2015-03-05 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-03-05 10:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2015-03-05 10:49 - 2015-03-05 10:49 - 01203488 _____ () C:\Users\JB\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2015-03-04 21:55 - 2015-03-04 22:34 - 00000000 ____D () C:\Users\JB\Desktop\mbar 2015-03-04 21:55 - 2015-03-04 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-04 21:54 - 2015-03-04 21:54 - 16502728 _____ (Malwarebytes Corp.) C:\Users\JB\Downloads\mbar-1.09.1.1004.exe 2015-03-04 20:28 - 2015-03-04 20:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JB\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-03-04 13:06 - 2015-03-04 13:06 - 00003330 _____ () C:\Users\JB\Desktop\G DATA Protokoll ID 5585.txt 2015-03-04 12:52 - 2015-03-04 13:00 - 00067471 _____ () C:\Users\JB\Desktop\gmer.log 2015-03-04 12:49 - 2015-03-04 12:49 - 00380416 _____ () C:\Users\JB\Downloads\ndjxpd8r.exe 2015-03-04 12:47 - 2015-03-04 12:47 - 00068019 _____ () C:\Users\JB\Desktop\FRST.txt 2015-03-04 12:44 - 2015-03-04 12:44 - 00001971 _____ () C:\Users\Public\Desktop\G DATA TOTAL PROTECTION.lnk 2015-03-04 12:44 - 2015-03-04 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION 2015-03-04 12:36 - 2015-03-06 22:15 - 00033273 _____ () C:\Users\JB\Downloads\FRST.txt 2015-03-04 12:36 - 2015-03-04 12:37 - 00074072 _____ () C:\Users\JB\Desktop\Addition.txt 2015-03-04 12:35 - 2015-03-06 22:15 - 00000000 ____D () C:\FRST 2015-03-04 12:35 - 2015-03-04 12:35 - 02092544 _____ (Farbar) C:\Users\JB\Downloads\FRST64.exe 2015-03-04 12:33 - 2015-03-04 12:33 - 00050477 _____ () C:\Users\JB\Downloads\Defogger.exe 2015-03-04 12:33 - 2015-03-04 12:33 - 00000466 _____ () C:\Users\JB\Downloads\defogger_disable.log 2015-03-04 12:33 - 2015-03-04 12:33 - 00000000 _____ () C:\Users\JB\defogger_reenable 2015-03-04 10:13 - 2015-03-04 10:13 - 00011281 _____ () C:\Users\JB\Downloads\041001(31).xml 2015-03-04 10:09 - 2015-03-04 10:09 - 00001727 _____ () C:\Users\JB\Downloads\041000(20).xml 2015-03-04 09:17 - 2015-03-04 09:17 - 00000000 ____D () C:\Users\JB\AppData\Local\Garmin_Ltd._or_its_subsid 2015-03-04 09:17 - 2015-03-04 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-03-03 20:43 - 2015-03-03 20:43 - 00001969 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2015-03-03 20:42 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-03-03 20:42 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2015-03-03 20:41 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-03-03 20:06 - 2015-03-03 20:06 - 01203488 _____ () C:\Users\JB\Downloads\Samsung Kies - CHIP-Installer.exe 2015-03-03 14:22 - 2015-03-03 14:22 - 00003230 _____ () C:\Users\JB\Documents\paprika.ods 2015-03-02 15:18 - 2015-03-02 15:18 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll 2015-03-02 15:18 - 2015-03-02 15:18 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys 2015-03-02 15:18 - 2015-03-02 15:18 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2015-03-02 15:18 - 2015-03-02 15:18 - 00116744 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys 2015-03-02 10:44 - 2015-03-02 10:44 - 00001847 _____ () C:\Users\JB\Downloads\gp-cam-feed_0.4_all(1).rar 2015-03-01 19:21 - 2015-03-01 19:21 - 02126848 _____ () C:\Users\JB\Downloads\adwcleaner_4.111(1).exe 2015-03-01 19:19 - 2015-03-06 22:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-01 19:19 - 2015-03-04 21:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-01 19:19 - 2015-03-04 20:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-01 19:19 - 2015-03-04 20:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-01 19:19 - 2015-03-01 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-01 19:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-01 19:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-01 19:18 - 2015-03-01 19:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JB\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-01 17:24 - 2015-03-01 17:24 - 02126848 _____ () C:\Users\JB\Downloads\adwcleaner_4.111.exe 2015-02-28 22:23 - 2015-02-28 22:24 - 45193696 _____ () C:\Users\JB\Downloads\release-dm800-3.2.4(1).nfi 2015-02-28 20:18 - 2013-04-30 17:23 - 00001782 _____ () C:\Users\JB\Downloads\gp-cam-feed_0.4_all.ipk 2015-02-28 20:16 - 2015-02-28 20:17 - 00001129 _____ () C:\Users\JB\Desktop\telnet.exe 192.168.178.25.lnk 2015-02-28 20:08 - 2015-02-28 20:08 - 00001847 _____ () C:\Users\JB\Downloads\gp-cam-feed_0.4_all.rar 2015-02-27 20:03 - 2015-02-27 20:03 - 02483886 _____ () C:\Users\JB\Downloads\CCcam-2.3.0.zip 2015-02-27 18:55 - 2015-02-27 18:55 - 57578992 _____ () C:\Users\JB\Downloads\dreambox-image-dm800-20150105(1).nfi 2015-02-27 10:05 - 2015-02-27 10:05 - 00001926 _____ () C:\Users\JB\Downloads\gp-cam-feed_0.5_all.ipk.zip 2015-02-26 17:58 - 2015-02-26 17:58 - 00004580 _____ () C:\Users\JB\Downloads\g3wizard_0.28-r0_all.ipk 2015-02-25 19:56 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-25 19:56 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-25 19:56 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-25 19:56 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-25 18:23 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 18:23 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-25 12:41 - 2015-02-25 12:41 - 00017998 _____ () C:\Users\JB\Downloads\flashexpander_0.31-r2_all.ipk 2015-02-23 08:57 - 2015-02-23 08:58 - 57578992 _____ () C:\Users\JB\Downloads\dreambox-image-dm800-20150105.nfi 2015-02-23 08:50 - 2015-02-23 08:50 - 00149488 _____ () C:\Users\JB\Downloads\secondstage-dm800-84.nfi 2015-02-22 20:27 - 2015-02-22 20:27 - 00000000 ____D () C:\library_uniteddiversity_coop 2015-02-22 19:24 - 2015-02-22 19:24 - 00000796 _____ () C:\Users\JB\Desktop\HTTrack Website Copier.lnk 2015-02-22 19:22 - 2015-02-22 19:23 - 04464640 _____ (HTTrack ) C:\Users\JB\Downloads\httrack_x64-3.48.19.exe 2015-02-22 19:21 - 2015-02-22 19:21 - 05009656 _____ () C:\Users\JB\Downloads\httrack_x64-noinst-3.48.19.zip 2015-02-19 17:48 - 2015-02-20 08:31 - 00000000 ____D () C:\Program Files (x86)\altes Firefox 2015-02-19 17:40 - 2015-02-19 17:42 - 00000000 ____D () C:\Users\JB\Downloads\FirefoxPortable 2015-02-17 11:34 - 2015-02-17 11:34 - 00002047 _____ () C:\Users\JB\Desktop\VirusTotal Uploader 2.0.lnk 2015-02-17 11:34 - 2015-02-17 11:34 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0 2015-02-17 11:34 - 2015-02-17 11:34 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2 2015-02-16 21:18 - 2015-02-16 21:18 - 00000000 ____D () C:\Users\JB\AppData\Local\Garmin 2015-02-16 21:17 - 2015-03-04 09:17 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2015-02-16 21:17 - 2015-03-04 09:17 - 00001890 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2015-02-16 21:17 - 2015-03-04 09:17 - 00000000 ____D () C:\ProgramData\Garmin 2015-02-16 21:17 - 2015-03-04 09:17 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-02-16 21:17 - 2015-02-16 21:20 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Garmin 2015-02-15 21:32 - 2015-02-15 21:32 - 00000000 ____D () C:\Users\JB\Downloads\tools_v6.1.0 2015-02-15 21:27 - 2015-02-15 21:27 - 01798638 _____ () C:\Users\JB\Downloads\tools_v6.1.0.zip 2015-02-15 21:17 - 2015-03-05 13:34 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2015-02-15 16:53 - 2015-02-15 17:24 - 2146169532 _____ () C:\Users\JB\Downloads\Die_lange_Stunksitzung_2015_15.02.15_00-15_wdr_180_TVOON_DE.mpg.avi 2015-02-15 12:26 - 2015-02-15 12:26 - 00011280 _____ () C:\Users\JB\Downloads\041001(30).xml 2015-02-15 12:19 - 2015-02-15 12:19 - 00001710 _____ () C:\Users\JB\Downloads\041000(19).xml 2015-02-15 12:18 - 2015-02-15 12:18 - 00013398 _____ () C:\Users\JB\Downloads\041001(29).xml 2015-02-15 12:07 - 2015-02-15 12:07 - 00013398 _____ () C:\Users\JB\Downloads\041001(28).xml 2015-02-15 11:52 - 2015-02-15 11:52 - 00001563 _____ () C:\Users\JB\Downloads\041000(18).xml 2015-02-14 16:32 - 2015-02-14 16:32 - 00002095 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-02-14 16:30 - 2015-02-14 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-02-14 16:29 - 2015-02-14 16:29 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-02-14 16:04 - 2015-02-14 16:16 - 00000000 ____D () C:\Users\JB\Desktop\WISO Steuer-Sparbuch 2015 2015-02-14 14:20 - 2015-02-14 14:20 - 00003025 _____ () C:\Users\JB\Desktop\DVR-Studio HD 3.lnk 2015-02-14 14:20 - 2015-02-14 14:20 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVR-Studio HD 3 2015-02-13 14:01 - 2015-02-13 14:01 - 00029084 _____ () C:\Users\JB\Downloads\enigma2-plugin-systemplugins-nfiflash_2.6git20090628-r1_mipsel.ipk 2015-02-12 22:06 - 2015-02-19 17:54 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Opera Software 2015-02-12 22:06 - 2015-02-19 17:54 - 00000000 ____D () C:\Users\JB\AppData\Local\Opera Software 2015-02-12 22:05 - 2015-02-19 17:55 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-12 22:05 - 2015-02-12 22:05 - 00713176 _____ (Opera Software) C:\Users\JB\Downloads\Opera_NI_stable.exe 2015-02-12 21:44 - 2015-02-12 21:44 - 00000000 ____D () C:\Users\JB\Documents\DM800_cccam 2015-02-12 21:42 - 2015-02-12 21:43 - 45193696 _____ () C:\Users\JB\Downloads\release-dm800-3.2.4.nfi 2015-02-12 10:50 - 2015-02-12 10:50 - 00928690 _____ () C:\Users\JB\Downloads\DreamUP133_11.zip 2015-02-12 08:48 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 08:48 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 08:48 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 08:48 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 08:48 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 08:48 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 08:48 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 08:48 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 08:48 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 08:48 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 08:48 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 08:48 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 08:48 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 08:48 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 08:48 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 08:48 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 08:48 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 08:48 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 08:48 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 08:48 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 08:48 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 08:48 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 08:48 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 08:48 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 08:48 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 08:48 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 08:48 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 08:48 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 08:48 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 08:48 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 08:48 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 08:48 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 08:48 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 08:48 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 08:48 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 08:48 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 08:48 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 08:48 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 08:48 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 08:48 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 08:48 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 08:48 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 08:48 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 08:48 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 08:48 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 08:48 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 08:48 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 08:48 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 08:48 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 08:48 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 08:48 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 08:48 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 08:48 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 08:48 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 08:48 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 08:48 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 08:48 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 08:48 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 08:48 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 08:48 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 08:48 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 08:48 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 08:48 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 08:48 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 08:48 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 08:48 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 08:48 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 08:48 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 08:48 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 08:48 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 08:48 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 08:48 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 08:48 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 08:48 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 08:48 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 08:48 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 08:48 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 08:48 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 08:48 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 08:48 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 08:48 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 08:48 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 08:48 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 08:48 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 08:48 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 08:48 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 08:48 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 08:47 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 08:47 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 08:47 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 08:47 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 08:47 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 08:47 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 08:47 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 08:47 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-09 20:54 - 2015-02-09 20:54 - 00000216 _____ () C:\Users\JB\Desktop\Dreambox WebControl.URL 2015-02-04 20:23 - 2015-02-04 20:23 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk 2015-02-04 20:23 - 2015-02-04 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro 2015-02-04 20:22 - 2015-02-04 20:22 - 00880784 _____ (Google Inc.) C:\Users\JB\Downloads\GoogleEarthProSetup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-06 22:15 - 2014-03-24 10:52 - 00000000 ____D () C:\AdwCleaner 2015-03-06 22:00 - 2013-08-19 13:27 - 00001044 _____ () C:\ProgramData\currdat.lst.tmp 2015-03-06 22:00 - 2013-08-19 13:27 - 00001044 _____ () C:\ProgramData\currdat.lst 2015-03-06 21:32 - 2015-01-09 23:19 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000UA.job 2015-03-06 21:29 - 2013-06-19 05:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-06 21:27 - 2015-01-09 23:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-06 16:23 - 2013-02-04 18:20 - 00000000 ____D () C:\Users\JB\.rainlendar2 2015-03-06 16:03 - 2014-10-20 07:35 - 00207781 _____ () C:\Windows\setupact.log 2015-03-06 13:27 - 2015-01-09 23:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-06 13:14 - 2013-02-04 19:41 - 00000000 ____D () C:\WISO Mein Geld 2015-03-06 12:40 - 2013-02-04 16:42 - 01926145 _____ () C:\Windows\WindowsUpdate.log 2015-03-06 11:32 - 2015-01-09 23:19 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000Core.job 2015-03-06 10:04 - 2013-02-05 01:35 - 00702138 _____ () C:\Windows\system32\perfh007.dat 2015-03-06 10:04 - 2013-02-05 01:35 - 00150804 _____ () C:\Windows\system32\perfc007.dat 2015-03-06 10:04 - 2009-07-14 06:13 - 01628890 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-06 10:04 - 2009-07-14 05:45 - 00031200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-06 10:04 - 2009-07-14 05:45 - 00031200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-06 09:57 - 2014-05-16 09:41 - 00000000 ____D () C:\ProgramData\VMware 2015-03-06 09:57 - 2013-02-04 16:50 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-06 09:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-05 22:53 - 2013-04-03 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-05 22:18 - 2013-02-05 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSD Tweaker 2015-03-05 22:18 - 2013-02-05 11:14 - 00000000 ____D () C:\Program Files (x86)\SSD Tweaker 2015-03-05 22:13 - 2014-11-07 22:38 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2015-03-05 22:12 - 2014-11-07 22:38 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2015-03-05 22:06 - 2013-09-08 12:45 - 00000000 ____D () C:\Medion 2015-03-05 20:58 - 2013-02-05 20:43 - 00000000 ____D () C:\Program Files (x86)\EaseUS 2015-03-05 20:43 - 2014-03-11 10:33 - 00000000 ____D () C:\Users\JB\Documents\My Kindle Content 2015-03-05 20:10 - 2013-02-14 11:17 - 00000000 ____D () C:\Users\JB\.VirtualBox 2015-03-05 19:14 - 2014-08-08 12:12 - 00000000 _____ () C:\Users\JB\Documents\Nuance Image Printer Writer Port 2015-03-05 17:36 - 2014-01-12 20:34 - 00000000 ___RD () C:\Users\JB\Dropbox 2015-03-05 17:36 - 2014-01-12 20:18 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Dropbox 2015-03-05 17:26 - 2013-02-04 18:24 - 00000000 ____D () C:\Users\JB\AppData\Roaming\KeePass 2015-03-05 14:57 - 2013-02-04 18:14 - 00098750 _____ () C:\Users\JB\Documents\JB_passwords.kdbx 2015-03-05 10:56 - 2014-04-07 20:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-03-05 10:51 - 2014-04-07 20:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-03-05 08:20 - 2014-10-20 07:35 - 00057456 _____ () C:\Windows\PFRO.log 2015-03-04 16:46 - 2013-02-14 11:41 - 00000000 ____D () C:\Users\JB\AppData\Roaming\.oit 2015-03-04 16:45 - 2013-02-14 10:57 - 00000000 ____D () C:\ProgramData\TEMP 2015-03-04 12:43 - 2014-10-28 08:41 - 00004114 _____ () C:\Windows\DPINST.LOG 2015-03-04 12:43 - 2013-02-04 18:06 - 00098760 _____ (G Data Software) C:\Windows\system32\Drivers\TS4nt.sys 2015-03-04 12:43 - 2013-02-04 18:06 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2015-03-04 12:33 - 2012-09-02 08:02 - 00000000 ____D () C:\Users\JB 2015-03-04 12:17 - 2014-01-20 14:32 - 00000000 ____D () C:\Users\postgres 2015-03-04 12:14 - 2014-03-05 13:53 - 00000600 _____ () C:\Users\JB\AppData\Roaming\winscp.rnd 2015-03-04 09:17 - 2014-02-11 13:05 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-03 20:41 - 2013-11-24 19:59 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-03-03 13:24 - 2013-02-05 09:56 - 00000000 ____D () C:\Users\JB\AppData\Local\FRITZ! 2015-03-02 10:05 - 2013-02-05 10:17 - 00000000 ____D () C:\Users\JB\AppData\Roaming\HpUpdate 2015-03-01 19:19 - 2014-03-24 10:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-01 15:07 - 2013-02-04 18:41 - 00000000 ____D () C:\temp 2015-02-28 19:53 - 2013-02-16 17:54 - 00000000 ____D () C:\Users\JB\AppData\Local\Nero 2015-02-27 22:50 - 2014-05-24 19:53 - 00000000 ____D () C:\Users\JB\AppData\Roaming\vlc 2015-02-26 22:22 - 2014-04-11 20:01 - 00000000 ____D () C:\Users\JB\AppData\Local\QuickPar 2015-02-26 08:29 - 2015-01-09 23:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-26 08:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-24 16:38 - 2013-06-22 17:26 - 00000000 ____D () C:\Users\Tim\.rainlendar2 2015-02-24 16:38 - 2013-05-29 13:25 - 00127424 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-22 19:24 - 2013-12-18 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack 2015-02-22 19:24 - 2013-12-18 12:25 - 00000000 ____D () C:\Program Files\WinHTTrack 2015-02-19 17:48 - 2013-04-03 10:07 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Mozilla 2015-02-17 11:03 - 2014-01-20 20:58 - 00000000 ____D () C:\Users\JB\Desktop\hydroponic 2015-02-16 21:17 - 2013-03-11 10:06 - 00000000 ____D () C:\Program Files\DIFX 2015-02-15 21:58 - 2013-02-16 20:12 - 00000000 ____D () C:\Users\JB\AppData\Roaming\calibre 2015-02-15 21:21 - 2013-02-16 20:12 - 00000890 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-02-15 21:21 - 2013-02-16 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-02-15 21:21 - 2013-02-16 20:12 - 00000000 ____D () C:\Program Files\Calibre2 2015-02-15 11:40 - 2009-07-14 05:45 - 00465416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-14 16:32 - 2013-02-21 15:20 - 00000638 _____ () C:\Windows\wiso.ini 2015-02-14 16:32 - 2013-02-21 15:20 - 00000000 ____D () C:\Users\JB\AppData\Local\Buhl 2015-02-14 16:32 - 2013-02-04 18:39 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-02-14 16:30 - 2013-02-04 16:55 - 00127424 _____ () C:\Users\JB\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-14 16:29 - 2013-02-04 16:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-14 14:20 - 2013-05-19 17:51 - 00000000 ____D () C:\Program Files (x86)\DVR-STUDIO HD 3 2015-02-13 10:12 - 2013-04-08 12:16 - 00000000 ____D () C:\Users\JB\AppData\Local\Apple Computer 2015-02-13 10:12 - 2013-02-15 08:59 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Apple Computer 2015-02-13 09:01 - 2014-12-10 11:38 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-13 09:01 - 2014-05-06 21:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 10:50 - 2013-07-17 15:18 - 00936448 _____ (Dream Multimedia TV) C:\Users\JB\Downloads\DreamUP_1_3_3_11.exe 2015-02-12 08:46 - 2014-01-12 20:18 - 00000000 ____D () C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 08:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-11 22:48 - 2013-02-07 12:03 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 22:45 - 2013-08-15 15:55 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 22:45 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini 2015-02-11 22:41 - 2013-02-04 17:11 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-10 15:46 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-09 20:20 - 2013-04-04 14:11 - 00000000 ____D () C:\Users\JB\BWINCOMPokerDir 2015-02-07 11:27 - 2015-01-09 23:19 - 00004072 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000UA 2015-02-07 11:27 - 2015-01-09 23:19 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4163750108-508488768-3939969033-1000Core 2015-02-06 13:22 - 2015-01-09 23:16 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:22 - 2015-01-09 23:16 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 18:34 - 2013-06-19 05:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 18:34 - 2013-02-04 17:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 18:34 - 2013-02-04 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 12:11 - 2013-03-11 10:20 - 00000000 ____D () C:\Users\JB\Documents\Eigene PaperPort-Dokumente 2015-02-04 20:23 - 2015-01-09 23:16 - 00000000 ____D () C:\Program Files (x86)\Google ==================== Files in the root of some directories ======= 2013-09-27 14:24 - 2005-12-09 03:52 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI 2013-08-27 12:40 - 2013-08-27 12:42 - 0000159 ____H () C:\Users\JB\AppData\Roaming\eSReg.ini 2014-03-05 13:53 - 2015-03-04 12:14 - 0000600 _____ () C:\Users\JB\AppData\Roaming\winscp.rnd 2014-03-26 11:13 - 2014-12-08 13:02 - 0186304 _____ () C:\Users\JB\AppData\Local\ars.cache 2014-03-26 11:13 - 2014-12-08 16:48 - 0460091 _____ () C:\Users\JB\AppData\Local\census.cache 2013-02-25 12:45 - 2014-12-15 22:20 - 0051712 _____ () C:\Users\JB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-26 10:03 - 2014-03-26 10:03 - 0000036 _____ () C:\Users\JB\AppData\Local\housecall.guid.cache 2014-01-19 16:39 - 2014-01-21 09:50 - 0000128 _____ () C:\Users\JB\AppData\Local\MagicHoldem_SettingsPath.txt 2014-02-05 11:03 - 2014-02-05 11:03 - 0000041 _____ () C:\ProgramData\.SimImages 2014-12-15 22:19 - 2014-12-15 22:19 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-08-19 13:27 - 2015-03-06 22:00 - 0001044 _____ () C:\ProgramData\currdat.lst 2013-08-19 13:27 - 2015-03-06 22:00 - 0001044 _____ () C:\ProgramData\currdat.lst.tmp 2014-01-20 14:27 - 2014-01-20 14:27 - 0005052 _____ () C:\ProgramData\flwjycbm.bab 2013-08-19 12:58 - 2013-08-19 12:58 - 10485760 _____ () C:\ProgramData\WV5DataStore Files to move or delete: ==================== C:\Users\JB\AutoRun.exe C:\Users\JB\Runner.exe Some content of TEMP: ==================== C:\Users\JB\AppData\Local\Temp\CHIP_Updater.exe C:\Users\JB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpld9i5x.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-12-13 11:56 ==================== End Of Log ============================ |
07.03.2015, 17:34 | #9 |
/// TB-Ausbilder | Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt OK, das sieht soweit ganz gut aus. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte SecurityCheck und:
ESET Online Scanner
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
09.03.2015, 09:54 | #10 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt HAb ich erledigt: fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01 Ran by JB at 2015-03-07 21:07:44 Run:1 Running from C:\Users\JB\Downloads Loaded Profiles: JB & postgres (Available profiles: JB & Tim & postgres) Boot Mode: Normal ============================================== Content of fixlist: ***************** emptytemp: ***************** EmptyTemp: => Removed 862.3 MB temporary data. The system needed a reboot. ==== End of Fixlog 21:08:09 ==== checkup.txt Code:
ATTFilter Results of screen317's Security Check version 0.99.97 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` G DATA TOTAL PROTECTION Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy VirusTotal Uploader 2.0 TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities Language Pack (de-DE) TuneUp Utilities 2014 Java 8 Update 31 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader XI Mozilla Firefox (36.0.1) Google Chrome (41.0.2272.64) Google Chrome (41.0.2272.74) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! G Data TotalProtection Firewall GDFwSvcx64.exe G Data TotalProtection Firewall GDFirewallTray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=849c4c1b2eede54e8ed0ef79f3df3943 # engine=22803 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-07 08:23:51 # local_time=2015-03-07 09:23:51 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 0 177389681 0 0 # scanned=375 # found=0 # cleaned=0 # scan_time=114 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=849c4c1b2eede54e8ed0ef79f3df3943 # engine=22803 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-08 03:54:47 # local_time=2015-03-08 04:54:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 102117 177416737 0 0 # scanned=734462 # found=3 # cleaned=0 # scan_time=26979 sh=78B8A1CC5196BE28A4BBAE0C809CED491E6AFB52 ft=1 fh=0fe9afbe77213433 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JB\Downloads\Samsung Kies - CHIP-Installer.exe" sh=37049972CEC0469BB907C8A8930C1582B23DCA47 ft=1 fh=b82173e5ee089f7e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JB\Downloads\SpyBot Search Destroy - CHIP-Installer.exe" sh=D34B2C03CD6DF389FA9CCA0D65C960EA61DA69C5 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.EF Trojaner" ac=I fn="F:\Galaxy Note 2 sicherung\TitaniumBackup\com.alephzain.framaroot-1edecf2b3dc5a702cd5052065a352d38.apk.gz" |
09.03.2015, 10:09 | #11 |
/// TB-Ausbilder | Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt Na sieht doch gut aus ! Eset hat auch nur 2 mal doofen Chip-Adware-Downloader gefunden, bei Framaroot kann ich dir so nix zu sagen, solange das Teil von XDA stammt, sollte es ok sein. Zum Thema Chip: Chip/Softonic Downloader: Bei Chip.de und Softonic gibt es beim Download zwei Möglichkeiten: einmal den Chip Downloader mit DownloadSponsor, der Werbung mitbringt und gern versucht, den User dazu zu überreden, noch diese und jene Toolbar zu installieren. Und es gibt immer den alternativen Download, das ist die eigentliche Anwendung als Setup, so wie sie vom Hersteller kommt. Der Alternativlink ist genau unter der Chip Download-Schaltfläche. Die Logs sind soweit sauber. Die Reihenfolge ist hier entscheidend.
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen oder Lob, Kritik und Wünsche loswerden? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
09.03.2015, 10:55 | #12 |
| Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt Okay. dann nochmal vielen Dank für die Hilfe - hoffe mal, mein System ist wieder sauber. Zumindestens habe ich eben noch aufgrund Deiner Tipps gemerkt, dass WOT nicht mehr bei mir installiert ist - wie ist mir schleierhaft, da ich es seit Jahren nutze - aber evtl. war mal wieder ein Firefox-Update daran schuld... |
09.03.2015, 13:16 | #13 | |
/// TB-Ausbilder | Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklicktZitat:
Wie gesagt, die Logs sind sauber, ESET Log ebenfalls.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
Themen zu Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt |
aktiv, appdata, code, dateien, dll, gdata, gelöscht, gen, hängen, link, logfiles, microsoft, namen, programm, prozess, quarantäne, registry, roaming, temp, tracking, trojaner/virus, ups, ups-trojaner, virus, win7 64bit, windows, windows 7, wiso |