Log analysis and evaluation: Windows7: PDFs in Inbox broken, Amazon Downloader cannot be uninstalled
20.10.2015, 16:17 | #1 |
Hello,

this is about my father-in-law's PC, which has been behaving strangely for a few days:

- PDF files in the Outlook inbox are broken (incomplete, a considerable part is cut off); the same effect occurs when downloading PDFs. In Firefox with PDF.js, however, PDFs can still be viewed.
- on boot there is an error message from the Amazon MP3 Downloader installer NSIS:
- the Amazon MP3 Downloader cannot be uninstalled (the same message appears)
- MS Paint cannot save images (I just noticed this while saving the screenshot; it works with IrfanView, though), no matter where (neither on C: nor on the USB stick)
- the browser history contains a lot of dubious EXE downloads that my father-in-law cannot remember
- the load is generally quite high; the fan runs practically all the time

Here are the logs:

Defogger did not produce a log, only a defogger_disable.log with binary content; here is the hexdump, in case that helps:
Code:
FRST.txt: FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
durchgeführt von Günter Meier (Administrator) auf GÜNTER-PC (20-10-2015 16:17:13)
Gestartet von E:\winguenter\bin
Geladene Profile: Günter Meier (Verfügbare Profile: Günter Meier & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe
(simplitec GmbH) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(G DATA Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
() C:\Program Files\Amazon Browser Bar\search_protect.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Omega Partners Ltd) C:\Program Files\AppGraffiti\AppGraffiti.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [Performance Center] => C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [Performance Center] => C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [AGupdate] => C:\Program Files\AppGraffiti\AGupdate.exe [894048 2013-03-19] (Omega Partners Ltd) HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] () HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [AppGraffiti] => C:\Program Files\AppGraffiti\AppGraffiti.exe [1220544 2015-06-25] (Omega Partners Ltd) HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: E - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: {d03db3b6-1d03-11e2-a160-001bfcd9fd0e} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: {e9dbfc9b-1cfd-11e2-a85b-0000fcd9fd0e} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: {e9dbfcc7-1cfd-11e2-a85b-0000fcd9fd0e} - E:\.\Setup.exe AUTORUN=1 ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei Startup: C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-05] ShortcutTarget: An OneNote senden.lnk -> C:\Program 
Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{92B1362F-D2B4-4AA3-8BF2-48D0F0646CDB}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_ SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms} SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://google.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} 
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms} SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CB779390-9FC4-4A00-B031-3CD9A1C8A67A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs BHO: Kein Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files\SiteRanker\SiteRank.dll [2012-12-06] (Crawler, LLC) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.) 
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files\AppGraffiti\AppGraffiti.dll [2015-06-25] (Omega Partners Ltd) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Kein Name -> {CCB69577-088B-4004-9ED8-FF5BCC83A039} -> Keine Datei BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03] (Sun Microsystems, Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) Toolbar: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> Kein Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Keine Datei Toolbar: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> Yahoo! 
Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation) Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - Keine Datei FireFox: ======== FF ProfilePath: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default FF DefaultSearchEngine: MyStart Suche FF DefaultSearchUrl: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF SelectedSearchEngine: Inbox Suchen FF Homepage: hxxp://www.inbox.com/homepage.aspx?tbid=80772&iwk=293&lng=de FF Keyword.URL: hxxp://mystart.incredimail.com/?loc=ff_address_bar&search= FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-12-23] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-12-23] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) 
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.) FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.) FF user.js: detected! => C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\user.js [2014-11-30] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-12-23] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-12-23] (RealPlayer) FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\inbox-search.xml [2014-02-03] FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\MyStart Search.xml [2011-02-07] FF Extension: AppGraffiti - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\AppGraffiti@AppGraffiti.com [2013-01-04] [ist nicht signiert] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27] [ist nicht signiert] FF Extension: Yahoo! Toolbar - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-08-18] [ist nicht signiert] FF Extension: Blue Ice 2 - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2008-08-04] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] [ist nicht signiert] FF Extension: Kein Name - C:\Users\Günter 
Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [nicht gefunden] FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [nicht gefunden] Chrome: ======= CHR Profile: C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (AppGraffiti - Free Facebook Layouts) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl [2013-03-06] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-04-01] CHR Extension: (RebateInformer) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal [2013-03-06] CHR HKLM\...\Chrome\Extension: [angobeimajilfhlcpeiccndaifchnppl] - C:\Program Files\AppGraffiti\Chrome\graff_chr.crx [2012-12-20] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert] S3 Browser7Maintenance; C:\Program Files\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-08-20] (Deutsche Telekom AG) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-08] (Macrovision Europe Ltd.) 
[Datei ist nicht signiert] R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 StarMoney 10 OnlineUpdate; C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S4 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S4 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [90112 2007-11-29] () [Datei ist nicht signiert] R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-04-07] (G Data Software AG) R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-04-07] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-04-07] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-04-07] (G Data Software AG) S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-07-31] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-04-07] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-07-12] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-09-17] (G Data Software) S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [11904 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88BDA; C:\Windows\System32\drivers\hcw88bda.sys [207872 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [299776 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88TUNE; C:\Windows\System32\drivers\hcw88tun.sys [149504 2007-01-23] (Hauppauge Computer Works, Inc.) S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [498176 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [23552 2007-01-23] (Hauppauge Computer Works, Inc.) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-04-07] (G Data Software AG) R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2007-09-17] (Logix4u) [Datei ist nicht signiert] S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48768 2007-07-05] (JMicron Technology Corp.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] () S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.) S3 STC2DFU; C:\Windows\System32\DRIVERS\Stc2Dfu.SYS [7796 2004-10-25] (SCM Microsystems Inc.) [Datei ist nicht signiert] R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.) R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.) S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-20 16:16 - 2015-10-20 16:17 - 00000000 ____D C:\FRST
2015-10-20 16:15 - 2015-10-20 16:15 - 00000000 _____ C:\Users\Günter Meier\defogger_reenable
2015-10-17 15:51 - 2015-09-18 19:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-17 15:51 - 2015-09-18 19:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-17 15:51 - 2015-09-18 19:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 14:00 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 14:00 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 14:00 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 14:00 - 2015-09-16 05:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 14:00 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 14:00 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 14:00 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 14:00 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 14:00 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 14:00 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 14:00 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 14:00 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 14:00 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 14:00 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 14:00 - 2015-09-16 05:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 14:00 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 14:00 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 14:00 - 2015-09-16 05:18 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 14:00 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 14:00 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 14:00 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 14:00 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 14:00 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 14:00 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 14:00 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 14:00 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 14:00 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 14:00 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 14:00 - 2015-09-16 04:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 14:00 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 14:00 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 14:00 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 14:00 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 14:00 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:57 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:57 - 2015-10-01 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 13:57 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-14 13:57 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:57 - 2015-09-29 05:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 13:57 - 2015-09-29 03:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 13:57 - 2015-09-15 19:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 13:57 - 2015-09-15 19:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 13:56 - 2015-09-25 19:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 16:55 - 2015-10-13 16:54 - 00524288 _____ (Simon Tatham) C:\Windows\putty.exe
2015-10-13 14:09 - 2015-10-13 14:09 - 00000000 ____D C:\Users\G�nter Meier
2015-10-12 18:09 - 2015-10-12 18:09 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 18:08 - 2015-10-17 15:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-12 18:08 - 2015-10-13 14:34 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-12 16:11 - 2015-10-12 16:11 - 28565300 _____ C:\Users\Günter Meier\Downloads\AdbeRdr920_de_DE.rar
2015-10-06 22:38 - 2015-10-13 13:42 - 00001508 _____ C:\Windows\PFRO.log
2015-09-25 21:58 - 2015-10-20 16:10 - 00711789 _____ C:\Windows\setupact.log
2015-09-25 21:58 - 2015-09-25 21:58 - 00000000 _____ C:\Windows\setuperr.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-20 16:15 - 2009-10-23 23:35 - 00000000 ____D C:\Users\Günter Meier
2015-10-20 16:15 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-20 16:15 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-20 16:12 - 2009-10-24 00:23 - 01648344 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 16:10 - 2011-02-28 19:30 - 00000000 ____D C:\Temp
2015-10-20 16:10 - 2009-10-24 00:12 - 01606529 _____ C:\Windows\WindowsUpdate.log
2015-10-20 16:07 - 2015-09-14 09:43 - 00000470 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job
2015-10-20 16:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-18 17:43 - 2015-06-12 18:54 - 00000000 ____D C:\Program Files\StarMoney 10
2015-10-18 17:26 - 2014-04-08 08:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-18 17:26 - 2009-08-11 10:55 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000UA.job
2015-10-18 09:49 - 2014-08-09 12:34 - 00000000 ____D C:\Program Files\StarMoney 9.0
2015-10-17 16:25 - 2014-12-12 10:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 16:25 - 2014-05-06 17:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-17 14:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-17 14:10 - 2015-08-10 13:32 - 00000000 ____D C:\Program Files\Amazon Browser Bar
2015-10-17 14:10 - 2015-04-05 22:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 14:10 - 2014-11-12 17:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-17 14:10 - 2011-07-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2015-10-17 14:10 - 2011-03-27 17:48 - 00000000 ____D C:\ProgramData\Real
2015-10-17 14:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-10-17 14:09 - 2009-11-07 21:52 - 00000000 __RHD C:\MSOCache
2015-10-15 09:26 - 2015-07-08 15:57 - 00000412 _____ C:\Windows\Tasks\simplitec Power Suite.job
2015-10-15 09:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-10-14 19:10 - 2007-09-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 19:09 - 2013-08-02 21:57 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 19:01 - 2009-11-11 20:46 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 19:00 - 2006-11-02 12:23 - 00000219 _____ C:\Windows\win.ini
2015-10-14 13:18 - 2015-07-08 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2015-10-14 13:17 - 2015-07-08 15:56 - 00000000 ____D C:\Program Files\simplitec
2015-10-13 16:53 - 2013-01-04 19:34 - 00000000 ____D C:\Program Files\AppGraffiti
2015-10-13 16:50 - 2008-08-04 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Adobe
2015-10-12 17:36 - 2007-09-17 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-10-07 21:17 - 2015-07-13 22:31 - 00000000 ____D C:\Users\Günter Meier\Documents\Bible
2015-10-06 22:35 - 2015-08-10 13:31 - 00000000 ____D C:\Program Files\Amazon
2015-09-23 21:08 - 2015-06-12 18:57 - 00002108 _____ C:\Users\Public\Desktop\StarMoney 10.lnk
2015-09-23 14:21 - 2014-09-24 11:24 - 00000071 _____ C:\Users\Günter Meier\Desktop\i_view32.ini

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-08 12:06 - 2015-07-09 09:31 - 0000053 _____ () C:\Users\Günter Meier\AppData\Roaming\LogFile.txt
2007-11-23 10:39 - 2009-01-08 19:29 - 0024206 _____ () C:\Users\Günter Meier\AppData\Roaming\UserTile.png
2015-02-12 10:59 - 2015-02-12 10:59 - 0000000 ____H () C:\Users\Günter Meier\AppData\Local\BITD367.tmp
2009-10-24 11:19 - 2009-10-24 11:19 - 0007609 _____ () C:\Users\Günter Meier\AppData\Local\Resmon.ResmonCfg
2011-12-23 21:57 - 2011-12-23 21:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{05CAAA34-0796-4266-BD12-2057BBECAF0B}
2011-07-30 09:28 - 2011-07-30 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0766507E-53D7-44AF-A88E-C7EAEF153760}
2011-07-02 10:03 - 2011-07-02 10:08 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0AE71263-88B3-4D37-9C7D-C0FC1B1FC4B9}
2011-10-18 13:16 - 2011-10-18 13:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0B5A5CEB-9F36-4CEE-B0B7-2278D1CD416B}
2011-12-16 08:43 - 2011-12-16 08:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{17694828-0365-4695-AE08-08D098F41174}
2011-06-09 08:56 - 2011-06-09 08:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{189E3064-3E60-407D-B479-4EA6071C647E}
2012-01-11 12:36 - 2012-01-11 12:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1CC4BC34-506A-4F28-849E-9BB689FDD145}
2011-05-12 22:19 - 2011-05-12 22:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1D3488B1-AC49-4CE9-B01A-347A723C9E47}
2014-05-30 09:09 - 2014-05-30 09:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{23E58F2C-8DC4-4DE3-8FEF-766B1EEA544E}
2011-12-16 19:24 - 2011-12-16 19:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{28F4E85B-9194-4962-B72F-BDF01365858E}
2011-10-19 17:19 - 2011-10-19 17:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29037809-5BF9-45EB-A551-B4F9944569EC}
2011-06-16 22:36 - 2011-06-16 22:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29891808-A8FD-4F02-99A0-45E554B54B83}
2011-05-12 22:15 - 2011-05-12 22:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{2A589BD2-D8B8-4CE0-9AEC-9FD96C7E3A7C}
2011-11-10 16:20 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{33620E34-0CC5-45B2-972D-B205D971AEFF}
2012-01-26 22:26 - 2012-01-26 22:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{338C8C87-226E-42F5-97CC-CDDC0BD39DC5}
2011-10-22 17:29 - 2011-10-22 17:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{35741B3A-B90E-4C17-980D-693DDC6D92B2}
2015-04-17 09:45 - 2015-04-17 09:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{37601423-536C-48D0-BBDF-BB556A35E507}
2011-11-10 16:23 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{38CD506F-C922-4793-9DB1-A1F71DAE1C80}
2011-06-15 16:11 - 2011-06-15 16:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{3F1A741B-0E83-40B7-9293-F608619820F4}
2011-11-06 20:59 - 2011-11-06 20:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{41EB32F3-12BB-4F05-9EEA-C094A182864A}
2011-05-27 09:13 - 2011-05-27 09:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{451DD174-B044-4C44-BF45-A905F6CA4F5A}
2011-06-23 17:01 - 2011-06-23 17:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4A257FA5-1DDC-43F7-BC1C-0101E86330DF}
2012-01-20 22:04 - 2012-01-20 22:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4F835A43-90C0-45A9-A01D-30D12E39DA18}
2011-07-15 20:00 - 2011-07-15 20:00 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5266879B-59A6-4F0B-99B1-F32396F78B0B}
2011-07-07 15:25 - 2011-07-07 15:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{565FA85B-71E4-48E4-BC1B-B4D473C9583E}
2011-06-26 16:03 - 2011-06-26 16:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5DD604CF-949E-4EF9-AAE2-E98BF823D8DC}
2011-08-05 21:36 - 2011-08-05 21:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{618E2725-2A74-492B-AB68-9C9A7FBC60FA}
2014-09-17 11:32 - 2014-09-17 11:32 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{64A4A4AE-C52B-4208-9DC1-F3A515D33732}
2015-02-12 10:55 - 2015-02-12 10:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{6DA6D618-2D09-4E54-B6EA-D48FD2EE3E59}
2011-05-20 21:37 - 2011-05-20 21:37 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{71902AA3-3597-4958-BDBA-6C46016CED28}
2011-09-06 17:20 - 2011-09-06 17:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{724E8FC5-F413-4D0C-B0B8-8E9B13C5BE25}
2011-06-17 18:09 - 2011-06-17 18:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{77EFB568-7ED5-4EB2-8D60-8BC1540A9FF4}
2011-09-19 18:00 - 2011-09-19 18:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{79059305-E922-4911-B8D2-9135AFC051E0}
2012-01-06 19:58 - 2012-01-06 19:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7BD81CF8-BA1F-405F-A974-8E15A12D1560}
2011-12-16 19:26 - 2011-12-16 19:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7E6C24A7-A380-4862-909B-3C42CE67B411}
2011-07-17 08:29 - 2011-07-17 08:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7ECE3187-654D-4E3E-B1E1-FB987C5DC824}
2011-11-10 16:25 - 2011-11-10 16:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{80059459-AD63-4EF3-B458-80436D4A91C3}
2011-09-19 18:02 - 2011-09-19 18:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{801DF4EC-2545-48AD-9E6B-B9E5F525FB45}
2011-09-14 19:39 - 2011-09-14 19:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8433C909-3DE4-4FF7-BDB5-C71244205008}
2011-07-17 08:30 - 2011-07-17 08:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{875F79BE-EE0D-4267-8DE4-28ADBEDD6A58}
2011-07-30 09:29 - 2011-07-30 09:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{877CAC26-F3F4-4A4E-9FC9-D8B8DC3DC326}
2011-11-06 20:56 - 2011-11-06 20:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{89E76C26-CEDF-4184-82AE-3B1E5394A189}
2011-06-14 14:42 - 2011-06-14 14:42 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8ED483F8-95C4-449A-B875-08FBA12129FF}
2011-10-07 18:16 - 2011-10-07 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{91EFF962-614A-45F8-9B30-57FBF9D336C6}
2011-06-15 16:09 - 2011-06-15 16:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{94858006-C678-4BCF-B655-CC82F18CB6C1}
2011-10-30 15:06 - 2011-10-30 15:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{96A82280-66E2-438B-BA18-9357DF72FEDD}
2011-11-03 18:14 - 2011-11-03 18:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{97F44D2C-D6DE-4D4B-8FF6-9DA56B1FB7E5}
2011-06-08 12:25 - 2011-06-08 12:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A01F53D9-7AFF-4AA4-8C51-541D0653CD1E}
2011-06-09 08:58 - 2011-06-09 08:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A1C1B8D0-278C-4B74-92BE-77ABC7A2B36B}
2011-12-06 10:44 - 2011-12-06 10:44 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A31325A4-1936-4BBF-A614-C4901C6F3313}
2011-12-17 11:13 - 2011-12-17 11:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A34EC897-35C0-45AE-9061-6D13B9F064C5}
2011-11-15 15:53 - 2011-11-15 15:53 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A50C05E7-36C0-41CD-A151-312C267A8F93}
2011-10-02 22:06 - 2011-10-02 22:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A6546426-9765-47B3-A4B5-8833E3728509}
2011-11-03 18:16 - 2011-11-03 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A65891F9-D1DC-4710-A18B-59195499AD25}
2012-01-06 19:56 - 2012-01-06 19:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A7E6BDF8-283D-4421-AFB2-449C1D5038C4}
2012-02-01 09:28 - 2012-02-01 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AA7D708B-14B4-48CA-BB7B-EBC8D4578E6C}
2012-01-11 22:22 - 2012-01-11 22:22 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AAB15AF0-99F7-416A-A202-9B120F5AFC76}
2014-07-11 09:15 - 2014-07-11 09:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{ABEA0400-D334-4F95-BDB4-85D0FFE3916D}
2011-07-17 18:35 - 2011-07-17 18:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AC3DF61D-2DE3-41B9-B4A9-239938F825C7}
2011-07-06 09:24 - 2011-07-06 09:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{B2A65E21-ED83-41A4-BDF9-6898D2BD17C7}
2011-08-01 11:03 - 2011-08-01 11:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BC517638-F267-4F06-926C-C1BBB488A79F}
2011-06-19 13:12 - 2011-06-19 13:12 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BDA60C25-42C9-4EC4-9957-33B1206E85A2}
2011-11-09 22:01 - 2011-11-09 22:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{C102085D-C45E-4EA1-B94A-70AD439FE9EA}
2011-10-12 12:33 - 2011-10-12 12:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CDD78E85-8B3D-43A0-B667-60152FD93FA4}
2011-12-16 08:45 - 2011-12-16 08:45 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CEC7DA45-826C-4850-8A58-567EC29FC7D4}
2011-09-14 19:41 - 2011-09-14 19:41 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D161D418-F4E5-4391-A183-9A90BA48F3AD}
2011-06-24 12:21 - 2011-06-24 12:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D5119CE5-BDA0-4DDC-AAAF-21CCABC1C9DD}
2011-11-03 18:17 - 2011-11-03 18:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D82FFAB7-3D57-49A8-8D08-5AFE6035D856}
2012-01-09 11:33 - 2012-01-09 11:34 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DAB70909-1C31-4C50-BA6D-8A1DBC16C007}
2011-06-11 17:02 - 2011-06-11 17:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DB4E76D0-D1A0-4DED-9618-FBC8D03F53C2}
2011-06-10 18:00 - 2011-06-10 18:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DC29E31A-B235-4BC6-A04B-0D1810A2B392}
2011-09-19 18:06 - 2011-09-19 18:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DF19300C-A2C8-4C8B-AA5F-2FDEA33BA72A}
2011-10-10 22:01 - 2011-10-10 22:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E1D28314-940E-4F2E-950F-7B627D0F8245}
2011-06-23 16:59 - 2011-06-23 16:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E3048784-D47B-4F95-BCB2-17CAC094F43A}
2011-07-31 11:49 - 2011-07-31 11:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E467D0D2-A4F5-469E-A910-783FD1A073CE}
2011-12-04 16:38 - 2011-12-04 16:38 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E58633B9-ACF2-4DF5-B796-C6E479EF246D}
2011-10-14 16:21 - 2011-10-14 16:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{EAD67AE9-0963-41F1-B934-5FB345612BE3}
2011-09-16 10:57 - 2011-09-16 10:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F3CC78FF-402B-4FF3-A996-24ED5C370D3F}
2011-06-24 12:17 - 2011-06-24 12:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F5C3197E-C3C0-42C9-BE75-9A8896599CD3}
2011-12-17 11:16 - 2011-12-17 11:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{FB2FD8B0-9BAB-4F35-9EE2-00E8FC1372C6}

Dateien, die verschoben oder gelöscht werden sollten:
====================

C:\Users\Günter Meier\ger21008.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-24 21:57

==================== Ende vom FRST.txt ============================

Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Günter Meier (2015-10-20 16:18:38)
Gestartet von E:\winguenter\bin
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-10-24 08:10:48)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3597727890-3998022267-917300989-500 - Administrator - Disabled)
Gast (S-1-5-21-3597727890-3998022267-917300989-501 - Limited - Enabled)
Günter Meier (S-1-5-21-3597727890-3998022267-917300989-1000 - Administrator - Enabled) => C:\Users\Günter Meier
UpdatusUser (S-1-5-21-3597727890-3998022267-917300989-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}_Adobe Reader 9 - Deutsch) (Version: - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Browser 7 der Telekom 39.0.15 (x86 de) (HKLM\...\Browser 7 der Telekom 39.0.15 (x86 de)) (Version: 39.0.15 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM\...\Browser7MaintenanceService) (Version: 33.1.17 - Deutsche Telekom AG)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MG8200 series Benutzerregistrierung (HKLM\...\Canon MG8200 series Benutzerregistrierung) (Version: - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version: - )
Canon MG8200 series On-screen Manual (HKLM\...\Canon MG8200 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
CHIPDRIVE Smartcard Commander (HKLM\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version: - SCM Microsystems)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
Duden Korrektor (HKLM\...\InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor (Version: 5.00.1507.00 - Duden) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
GEAR 32bit Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{9509674F-3972-11DE-806D-005056806466}) (Version: 5.0.11733.9347 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Herrnhuter Losungen (HKLM\...\{2DEEC41F-02B0-4BC4-819A-2355E8B1C398}) (Version: 3.4.0 - Evang. Brüderunität Herrnhut)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
LightScribe 1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) 
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG) Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden Online Bibel 12.07.02 (HKLM\...\OnlineBible) (Version: - ) Online Bibel 12.07.02 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\OnlineBible) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Paint.NET v3.30 (HKLM\...\{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}) (Version: 3.30.0 - dotPDN LLC) PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) 
Hidden SCR3xx USB Smart Card Reader (HKLM\...\{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}) (Version: 8.18.0001 - SCM Microsystems) simfy (HKLM\...\Simfy) (Version: 1.4.8 - simfy GmbH) simfy (Version: 1.4.8 - simfy GmbH) Hidden simplitec Power Suite (HKLM\...\simplitec POWER SUITE_is1) (Version: 2.3.2.873 - simplitec GmbH) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) StarMoney (Version: 2.0 - StarFinanz) Hidden StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden StarMoney (Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM\...\{BEA4756B-BD9D-49AA-9260-C496B3D8F8E1}) (Version: 10 - Star Finanz GmbH) StarMoney 6.0 S-Edition (HKLM\...\{60459C52-DCD5-408F-925E-4AD20D9DAFD8}) (Version: 6.0 - StarFinanz GmbH) StarMoney 9.0 (HKLM\...\{172EC92E-003F-47B8-8E38-00A3FD455467}) (Version: - ) StarMoney 9.0 (HKLM\...\{2262CF96-D326-4926-885E-AA3B7E4E7368}) (Version: 9.0 - Star Finanz GmbH) TeamViewer 3 (HKLM\...\TeamViewer 3) (Version: - TeamViewer GmbH) TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) 
(HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2C9357FA-97F8-4213-B712-A4CCF03AE379}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\AlexaWebSearch.dll (Bitmanagement) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{44EA0FF7-08B7-4B7F-A594-F7F94A2B60F7}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\GoogleSearch.dll (SpaceTime) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5D052CD7-6CAE-463C-99FF-0159EABFE66E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\SpaceTime3D.ocx (SpaceTime 3D, Inc) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll 
(Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9919BE4D-9E6F-4732-9E4E-5F83ABB62FEB}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\wavdest.ax () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B3C985DA-45C2-417D-B11B-6E6484A725F1}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\RSSSearch.dll (SpaceTime3D inc) CustomCLSID: 
HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{BF9A5794-8AF5-46FA-8865-EAF65CD654A8}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CB27DAA3-E581-4777-A725-F32B47EDBDCF}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D6F407CF-E8AE-469D-9FC7-1DECAEDAAD9A}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\earthps.dll ()

==================== Wiederherstellungspunkte =========================

29-09-2015 18:45:25 Windows Update
03-10-2015 22:16:11 Windows Update
06-10-2015 22:08:05 Windows Update
08-10-2015 19:32:53 Windows Update
12-10-2015 17:32:09 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:33:54 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:35:46 Removed Adobe Reader XI (11.0.11) - Deutsch.
13-10-2015 14:07:29 Windows Update
13-10-2015 17:15:19 Removed simfy
14-10-2015 13:12:23 Wiederherstellungsvorgang
14-10-2015 13:30:34 Removed simfy
14-10-2015 14:16:04 Windows Update
14-10-2015 18:52:43 Windows Update
15-10-2015 17:56:52 Windows Update
17-10-2015 14:04:53 Wiederherstellungsvorgang
17-10-2015 16:24:23 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 12:23 - 2015-10-13 17:14 - 00000763 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00D58F06-E0E1-4A74-9DCC-17ED108F0BEB} - System32\Tasks\{47C57D00-1548-4256-9285-CBEED6687977} => pcalua.exe -a H:\setup.exe -d H:\ -c autorun
Task: {0588BB0D-C82E-4CC1-92A1-4224DA648CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0E9F0C20-BCE3-499C-A966-F734C28C163E} - System32\Tasks\{8FE32562-C235-4FAB-9A6D-03D63CA7D940} => pcalua.exe -a C:\Windows\System32\config\systemprofile\Downloads\browser7_setup(1).exe -d C:\Windows\System32\config\systemprofile\Downloads
Task: {1104AA23-EFC9-449A-80B1-8D2AC7522A6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {14E7FE71-8001-4321-89D5-08F1290FB27F} - System32\Tasks\{CE475AAD-AFC9-42A3-9D97-A57126633DF0} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\aomwin200ea24.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F743136-E9A5-4E4F-93EA-600712E0DC7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {220210B8-C66A-44C3-9E69-2CC5ADC162CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2A893B50-DD57-4382-AA0F-6BF75F24EE12} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe [2015-09-04] (simplitec GmbH)
Task: {2D80F328-4163-4F70-8A20-E3DA5EE5DC86} - System32\Tasks\{6B8F0279-9C50-4EDB-BFC5-881052B5558C} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {38E40A51-8080-4086-82A7-ADE3C56521D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3FD8EA5F-ED3E-4A8E-A9E8-17FED68D3BCF} - System32\Tasks\{D6456F15-B695-4531-A08C-703557131E8B} => pcalua.exe -a D:\smoney_m_18_0_01234567_0000011022_j_.exe -d D:\
Task: {4BA14185-3A0A-425D-B5F8-F67D75F2F8F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {4C2F9702-1EE5-473A-A1D7-6E20635A84B8} - System32\Tasks\{515B8E38-020F-42EF-BBA0-FF5772AA7ACE} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {4E109E6D-3616-4CCD-BE29-95646479A919} - System32\Tasks\{151811DA-8574-4F07-B4E3-BC0CC70C5210} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5DCBDA99-E748-4AB4-BEE6-ACD450989D75} - System32\Tasks\{D5DC5CA7-AF3F-444F-8CAE-BF2020269A3A} => pcalua.exe -a "C:\Program Files\Bible\OlbDel.Exe" -c "Online Bibel" "Online Bibel" "C:\Users\Günter Meier\Documents\Bible\" "C:\Users\Public\Documents\Online Bible\"
Task: {5E2CC2C0-064B-4059-B917-4D504F3AACD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63AE1EE3-64C8-48DE-9C54-45711309E921} - System32\Tasks\{9C90A1E7-FADF-400F-B72A-CBE75816D972} => pcalua.exe -a "C:\bibel digital\mfbo2a32.exe" -d C:\Windows\system32\config\systemprofile\Desktop
Task: {71890D32-2507-4406-A13F-F2BDF9323AE4} - System32\Tasks\simplitec Power Suite => C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe [2015-09-04] (simplitec GmbH)
Task: {75D3157F-439F-4E84-924A-FA650AB4F69A} - System32\Tasks\{A7B6B988-1FC5-42A4-BD45-CD7EE5F1C1DA} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {848A33C2-A5F0-497A-B08C-EAC01706C1E8} - System32\Tasks\{A2D23527-3082-44BC-8390-0526D67B3D46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {8B815B25-1B02-4957-A89E-2A3E1321533E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8E3BF495-571E-40DD-B913-C302BD618019} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {911023DE-5FF7-409F-A38A-476275210A5B} - System32\Tasks\{F5595CA3-EF8C-4FF9-9CC8-3F5BFDE3A806} => pcalua.exe -a I:\InstallTomTomHOME.exe -d I:\
Task: {96EDA8E3-5C17-4AF4-9537-3FF2530B08E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A61C90FA-B985-462E-A804-70558A90C134} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Günter Meier => C:\Program Files\Windows Calendar\WinCal.exe
Task: {A64AE6AE-1A92-403B-8196-EE4C17077740} - System32\Tasks\{88B1E977-17F5-4EAF-BA92-03B89D785644} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {C34D7B5A-DBEE-4220-AA8F-57CD980FDDDD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000UA => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {CB0E91C7-DAEF-4541-8AF5-29BAFA96EBFD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {D2AE73FE-E2C5-431A-918B-F03363307423} - System32\Tasks\{A37709E2-5C8D-4187-ACBD-0664905177B7} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02\_ISDel.exe" -d "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02"
Task: {D57B9C09-4511-4F89-93BE-71AF5F9DCACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DBCEE112-EA9A-4F16-9C36-EE9EF50D3571} - System32\Tasks\{6EA55286-8D0E-467A-9FB0-F5B315B5ABA8} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\wmp11-windowsxp-x86-DE-DE.exe" -d "C:\Users\Günter Meier\Downloads"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED4CB7E8-51FB-4A5C-B797-622CD46DAF23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FBB31E70-84F8-4478-8FCA-7B0A64BD4336} - System32\Tasks\{B09EF877-27B6-4235-882D-C184CF3EF917} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\GER_R_FUL_AV.exe" -d "C:\Users\Günter Meier\Downloads"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core.job => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000UA.job => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\simplitec Power Suite (Tray).job => C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
Task: C:\Windows\Tasks\simplitec Power Suite.job => C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-05-04 13:10 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-07-08 15:56 - 2015-09-04 14:11 - 00101120 _____ () C:\Program Files\simplitec\simplitec Power Suite\modules\common\asp_ipc32.dll
2015-07-08 15:56 - 2015-05-06 16:54 - 02228224 _____ () C:\Program Files\simplitec\simplitec Power Suite\MFL_rel_u_vc12.dll
2015-07-29 22:45 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 10\ouservice\PATCHW32.dll
2014-08-09 12:36 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll
2013-03-21 20:24 - 2013-03-21 20:24 - 00222368 _____ () C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
2015-07-24 10:49 - 2015-07-24 10:49 - 00773592 _____ () C:\Program Files\Amazon Browser Bar\search_protect.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00317560 ____N () C:\Program Files\Common Files\G DATA\AVKProxy\PktIcpt2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Günter Meier\Documents\Fotovorlagen:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> amazon.de
IE trusted site: HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\amazon.de -> amazon.de

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [UDP Query User{DB1B0F8C-F8B0-4EDB-8050-9903D99C271E}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [TCP Query User{D2ED50E5-ECBA-4948-A737-CD574422ED83}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [UDP Query User{BC1B4E24-7EBD-4EC5-8594-55F8ACBD8274}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{040CD7D5-ECE8-49EE-8A50-977C4F681C43}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D6F4D7DB-4845-47F1-8E55-8DA46042BA13}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{C87F02C0-6E69-4D92-8920-9E65E63E4FAD}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [{C7D6D316-A356-4310-AD6B-4981B9F8B777}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe FirewallRules: [{DE344125-C3EF-4BAD-B2DA-A1599E5EB1BB}] => (Allow) 
==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/18/2015 06:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Browser7.exe, Version: 39.0.3.5700, Zeitstempel: 0x55c88cd2
Name des fehlerhaften Moduls: xul.dll, Version: 39.0.3.5700, Zeitstempel: 0x55c88e9c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b1ba22
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xBrowser7.exe0
Pfad der fehlerhaften Anwendung: Browser7.exe1
Pfad des fehlerhaften Moduls: Browser7.exe2
Berichtskennung: Browser7.exe3

Error: (10/17/2015 05:32:25 PM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: Can not connect to Process Manager (0)

Error: (10/17/2015 03:47:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6500}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 02:00:07 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Systemfehler:
=============
Error: (10/20/2015 04:07:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/20/2015 04:07:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053GDFwSvc-Service{1DED95CA-C567-464A-B405-087EDDF0B095}

Error: (10/20/2015 04:07:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Personal Firewall erreicht.

Error: (10/18/2015 05:54:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:54:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:51:56 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:51:56 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:44:58 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:44:58 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:15:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.10.2015 um 17:10:00 unerwartet heruntergefahren.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 2046.49 MB
Verfügbarer physikalischer RAM: 1158.08 MB
Summe virtueller Speicher: 4092.98 MB
Verfügbarer virtueller Speicher: 2703.4 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.35 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (KINGSTON) (Removable) (Total:58.58 GB) (Free:58.44 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7AFE7AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 58.6 GB) (Disk ID: C9D93779)
Partition 1: (Active) - (Size=58.6 GB) - (Type=0C)

==================== Ende vom Addition.txt ============================
|
20.10.2015, 16:17 | #2 |
| Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
gmer.txt:
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-10-20 16:55:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000062 320820AS_____________________________ rev.AD___ 298,09GB
Running: gmer.exe; Driver: C:\Windows\TEMP\ufdiapow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwReplaceKey + 1525 82480B55 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 824BABB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe[2180] kernel32.dll!SetUnhandledExceptionFilter 76A7F5FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Threads - GMER 2.1 ----

Thread System [4:4884] AC150F2E
---- EOF - GMER 2.1 ----

During the GMER run, this error message appeared several times: Only "Cancel" worked; I had to click it a few times each time, then it carried on. Many thanks in advance for the support, Tom
Edited by tb87 (20.10.2015 at 16:19). Reason: rm recursive code |
20.10.2015, 17:03 | #3 |
/// the machine /// TB instructor | Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
|
20.10.2015, 19:18 | #4 |
| Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
Hello Schrauber, thanks for taking the time! Malwarebytes Anti-Rootkit says: "Congratulations, no cleanup is required! Scan finished, No malware found!"
mbar.log: Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.10.20.05
rootkit: v2015.10.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18059
Günter Meier :: GÜNTER-PC [administrator]

20.10.2015 19:19:54
mbar-log-2015-10-20 (19-19-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 370268
Time elapsed: 44 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
20:08:51.0162 0x17c0 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
20:08:56.0045 0x17c0 ============================================================
20:08:56.0045 0x17c0 Current date / time: 2015/10/20 20:08:56.0045
20:08:56.0045 0x17c0 SystemInfo:
20:08:56.0045 0x17c0
20:08:56.0045 0x17c0 OS Version: 6.1.7601 ServicePack: 1.0
20:08:56.0045 0x17c0 Product type: Workstation
20:08:56.0045 0x17c0 ComputerName: GÜNTER-PC
20:08:56.0045 0x17c0 UserName: Günter Riewesel
20:08:56.0045 0x17c0 Windows directory: C:\Windows
20:08:56.0045 0x17c0 System windows directory: C:\Windows
20:08:56.0045 0x17c0 Processor architecture: Intel x86
20:08:56.0045 0x17c0 Number of processors: 2
20:08:56.0045 0x17c0 Page size: 0x1000
20:08:56.0045 0x17c0 Boot type: Normal boot
20:08:56.0045 0x17c0 ============================================================
20:08:56.0248 0x17c0 KLMD registered as C:\Windows\system32\drivers\38436213.sys
20:08:56.0653 0x17c0 System UUID: {D512EFEF-81EA-3B1B-B267-B0F8D94770F2}
20:08:57.0231 0x17c0 !crdlk
20:08:57.0246 0x17c0 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:08:57.0371 0x17c0 Drive \Device\Harddisk5\DR5 - Size: 0xEA7140000 ( 58.61 Gb ), SectorSize: 0x200, Cylinders: 0x1DE3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:08:57.0371 0x17c0 ============================================================
20:08:57.0371 0x17c0 \Device\Harddisk0\DR0:
20:08:57.0387 0x17c0 MBR partitions:
20:08:57.0387 0x17c0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
20:08:57.0387 0x17c0 \Device\Harddisk5\DR5:
20:08:57.0387 0x17c0 MBR partitions:
20:08:57.0387 0x17c0 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x7536A80
20:08:57.0387 0x17c0 ============================================================
20:08:57.0433 0x17c0 C: <-> \Device\Harddisk0\DR0\Partition1
20:08:57.0433 0x17c0 ============================================================
20:08:57.0433 0x17c0 Initialize success
20:08:57.0433 0x17c0 ============================================================
20:09:45.0606 0x1260 ============================================================
20:09:45.0606 0x1260 Scan started
20:09:45.0606 0x1260 Mode: Manual; SigCheck; TDLFS;
20:09:45.0606 0x1260 ============================================================
20:09:45.0606 0x1260 KSN ping started
20:09:45.0825 0x1260 KSN ping finished: false
20:09:46.0511 0x1260 ================ Scan system memory ========================
20:09:46.0511 0x1260 System memory - ok
20:09:46.0511 0x1260 ================ Scan services =============================
0x1260 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:09:54.0124 0x1260 CmBatt - ok 20:09:54.0155 0x1260 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:09:54.0186 0x1260 cmdide - ok 20:09:54.0249 0x1260 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys 20:09:54.0311 0x1260 CNG - ok 20:09:54.0342 0x1260 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:09:54.0373 0x1260 Compbatt - ok 20:09:54.0436 0x1260 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:09:54.0467 0x1260 CompositeBus - ok 20:09:54.0498 0x1260 COMSysApp - ok 20:09:54.0529 0x1260 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:09:54.0561 0x1260 crcdisk - ok 20:09:54.0607 0x1260 [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:09:54.0670 0x1260 CryptSvc - ok 20:09:54.0732 0x1260 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 20:09:54.0810 0x1260 DcomLaunch - ok 20:09:54.0857 0x1260 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 20:09:54.0935 0x1260 defragsvc - ok 20:09:54.0982 0x1260 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC 
C:\Windows\system32\Drivers\dfsc.sys 20:09:55.0060 0x1260 DfsC - ok 20:09:55.0122 0x1260 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:09:55.0200 0x1260 Dhcp - ok 20:09:55.0309 0x1260 [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack C:\Windows\system32\diagtrack.dll 20:09:55.0419 0x1260 DiagTrack - ok 20:09:55.0450 0x1260 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 20:09:55.0512 0x1260 discache - ok 20:09:55.0559 0x1260 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:09:55.0590 0x1260 Disk - ok 20:09:55.0637 0x1260 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:09:55.0684 0x1260 Dnscache - ok 20:09:55.0731 0x1260 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 20:09:55.0809 0x1260 dot3svc - ok 20:09:55.0855 0x1260 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 20:09:55.0949 0x1260 DPS - ok 20:09:55.0996 0x1260 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:09:56.0027 0x1260 drmkaud - ok 20:09:56.0105 0x1260 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:09:56.0199 0x1260 DXGKrnl - ok 20:09:56.0230 0x1260 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost 
C:\Windows\System32\eapsvc.dll 20:09:56.0308 0x1260 EapHost - ok 20:09:56.0495 0x1260 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 20:09:56.0745 0x1260 ebdrv - ok 20:09:56.0791 0x1260 [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] EFS C:\Windows\System32\lsass.exe 20:09:56.0823 0x1260 EFS - ok 20:09:56.0901 0x1260 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:09:56.0963 0x1260 ehRecvr - ok 20:09:56.0994 0x1260 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 20:09:57.0057 0x1260 ehSched - ok 20:09:57.0103 0x1260 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:09:57.0166 0x1260 elxstor - ok 20:09:57.0197 0x1260 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:09:57.0244 0x1260 ErrDev - ok 20:09:57.0306 0x1260 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 20:09:57.0400 0x1260 EventSystem - ok 20:09:57.0415 0x1260 ewusbnet - ok 20:09:57.0447 0x1260 ew_hwusbdev - ok 20:09:57.0493 0x1260 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 20:09:57.0587 0x1260 exfat - ok 20:09:57.0618 0x1260 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:09:57.0681 0x1260 fastfat - ok 20:09:57.0759 0x1260 [ 967EA5B213E9984CBE270205DF37755B, 
43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 20:09:57.0821 0x1260 Fax - ok 20:09:57.0868 0x1260 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:09:57.0915 0x1260 fdc - ok 20:09:57.0946 0x1260 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 20:09:58.0008 0x1260 fdPHost - ok 20:09:58.0039 0x1260 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 20:09:58.0117 0x1260 FDResPub - ok 20:09:58.0133 0x1260 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:09:58.0164 0x1260 FileInfo - ok 20:09:58.0180 0x1260 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:09:58.0258 0x1260 Filetrace - ok 20:09:58.0336 0x1260 [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 20:09:58.0383 0x1260 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 ) 20:09:58.0383 0x1260 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:09:58.0414 0x1260 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:09:58.0461 0x1260 flpydisk - ok 20:09:58.0507 0x1260 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:09:58.0539 0x1260 FltMgr - ok 20:09:58.0632 0x1260 
[ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache C:\Windows\system32\FntCache.dll 20:09:58.0726 0x1260 FontCache - ok 20:09:58.0788 0x1260 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:09:58.0819 0x1260 FontCache3.0.0.0 - ok 20:09:58.0866 0x1260 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:09:58.0897 0x1260 FsDepends - ok 20:09:58.0913 0x1260 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:09:58.0944 0x1260 Fs_Rec - ok 20:09:59.0007 0x1260 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:09:59.0053 0x1260 fvevol - ok 20:09:59.0100 0x1260 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:09:59.0131 0x1260 gagp30kx - ok 20:09:59.0209 0x1260 [ ED45E9A16610562C5A727715B4346404, A25C31EE37398066140D7195DB2E0809989AE209E5E4D765F48B412388332984 ] GDBehave C:\Windows\system32\drivers\GDBehave.sys 20:09:59.0241 0x1260 GDBehave - ok 20:09:59.0443 0x1260 [ 0D625E2F0EB33A98051D07C74DFA0340, B4C6747BC6603E7B3DAB0FB4EFDA2A71F51A3F9AA29F6AE5E3D7372C330B0348 ] GDFwSvc C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe 20:09:59.0599 0x1260 GDFwSvc - ok 20:09:59.0662 0x1260 [ 6322B54A21D32432FEAED1F8477D3399, 2A486063E1E8A248D25857E9614275A6792DC7B64AD4BA52BE9432CB6C364668 ] GDKBB C:\Windows\system32\drivers\GDKBB32.sys 20:09:59.0693 0x1260 GDKBB - ok 20:09:59.0755 0x1260 [ 0A68BE0CAA1DA360A5FDD4B6AD24A5F6, 
0F31F4E2928CC8BEC663E92DAD466A569DE30964F3F04A0E5A2CDDA6DBCFDF4D ] GDKBFlt C:\Windows\system32\drivers\GDKBFlt32.sys 20:09:59.0787 0x1260 GDKBFlt - ok 20:09:59.0833 0x1260 [ 40BE38547E3F53E04F26DB375DB1227D, 6B91A805C9C39A64C7DC667AFC4F3D53749DADA756F508904A92A123F4029782 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys 20:09:59.0865 0x1260 GDMnIcpt - ok 20:09:59.0943 0x1260 [ A7757940B3380343B378B5A1E7FBEF16, 7185FA497CE3BC546B9888E95168C2CC4FB5FC9A28EA101EBC6336EF7889CF6B ] GdNetMon C:\Windows\system32\drivers\GdNetMon32.sys 20:09:59.0974 0x1260 GdNetMon - ok 20:10:00.0021 0x1260 [ 446FBDA0218AB95442365DA74BBD5201, D137558A02A4910E913A166974E3FCBCA6F26F242B739771474CC022FCE45999 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys 20:10:00.0067 0x1260 GDPkIcpt - ok 20:10:00.0177 0x1260 [ 2FC204FF990827303D9184B390F5C15E, A194ACE75ADD2E105C1C5555621A2E4292617C37BA17070F88D4CA56B24D9291 ] GDScan C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe 20:10:00.0239 0x1260 GDScan - ok 20:10:00.0301 0x1260 [ A0775BDDD8B45D200C8B9B06DC0E304A, 11DFF8E9EC74C57C74AC81800611EE019E90104BF7F58599C8A1BF91E127B577 ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd32.sys 20:10:00.0333 0x1260 gdwfpcd - ok 20:10:00.0364 0x1260 [ 5DC17164F66380CBFEFD895C18467773, E1174E0F95E9F343528162EFF5D4BA60C68477353FC6BDA61C19134687F50906 ] GEARAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys 20:10:00.0395 0x1260 GEARAspiWDM - ok 20:10:00.0457 0x1260 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 20:10:00.0551 0x1260 gpsvc - ok 20:10:00.0613 0x1260 [ DE640BC12C11DE49CE3392161AD4E64D, CD291205D8997DABD7154A5170B1D1A15E2B243270AD018F01864090DFFFBE24 ] GRD C:\Windows\system32\drivers\GRD.sys 20:10:00.0645 0x1260 GRD - ok 20:10:00.0769 0x1260 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 
20:10:00.0801 0x1260 gupdate - ok 20:10:00.0847 0x1260 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 20:10:00.0879 0x1260 gupdatem - ok 20:10:00.0910 0x1260 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:10:00.0972 0x1260 hcw85cir - ok 20:10:01.0019 0x1260 [ B40C06B5438716366F2CA6239A741F39, 2608DF7350D756346FA54C5938DD6A2FFC67065F7C6DB1E070F2FD7016D07A25 ] HCW88AUD C:\Windows\system32\drivers\hcw88aud.sys 20:10:01.0050 0x1260 HCW88AUD - ok 20:10:01.0113 0x1260 [ 6C85512C2B958B2D0E82814915390050, 1FB1723835C5B048FC971D46C4EE8DE3E06D05D34081AE594A3921609BB422FE ] HCW88BDA C:\Windows\system32\drivers\hcw88bda.sys 20:10:01.0175 0x1260 HCW88BDA - ok 20:10:01.0222 0x1260 [ D1B38599F3678F536EB61406F4F0DA6D, A6E5DF2774E4F2F1B0491B0CBF16189C3652D707BD1B0BE3A6B0B9CF83EA655E ] HCW88TSE C:\Windows\system32\drivers\hcw88tse.sys 20:10:01.0284 0x1260 HCW88TSE - ok 20:10:01.0331 0x1260 [ 36BAA5ACE16BB31E2B0BFAF551AC9786, 40C3063316D29AC64BE63C066A1AF410958063E649866525CB675393FA4BEC05 ] HCW88TUNE C:\Windows\system32\drivers\hcw88tun.sys 20:10:01.0362 0x1260 HCW88TUNE - ok 20:10:01.0409 0x1260 [ 2688CD88B87E0F5996ED4330E42D344A, 1B84C11EF3895BF81EC4CADA6038A55760B7D063119541B5B35D4649ABF5ACE9 ] hcw88vid C:\Windows\system32\drivers\hcw88vid.sys 20:10:01.0487 0x1260 hcw88vid - ok 20:10:01.0518 0x1260 [ 462F10C8B88CDDEB2FDAA47FA34793BB, 4A0DBF7CE5211C5C483AA94F07699E7DC5AC48E2E8CC52EFFDC0003982F475F8 ] HCW88XBAR C:\Windows\system32\drivers\HCW88BAR.sys 20:10:01.0565 0x1260 HCW88XBAR - ok 20:10:01.0627 0x1260 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:10:01.0674 0x1260 HdAudAddService - ok 20:10:01.0721 0x1260 [ 9036377B8A6C15DC2EEC53E489D159B5, 
1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:10:01.0783 0x1260 HDAudBus - ok 20:10:01.0815 0x1260 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:10:01.0861 0x1260 HidBatt - ok 20:10:01.0893 0x1260 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:10:01.0955 0x1260 HidBth - ok 20:10:01.0986 0x1260 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:10:02.0049 0x1260 HidIr - ok 20:10:02.0080 0x1260 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 20:10:02.0127 0x1260 hidserv - ok 20:10:02.0189 0x1260 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:10:02.0220 0x1260 HidUsb - ok 20:10:02.0251 0x1260 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 20:10:02.0329 0x1260 hkmsvc - ok 20:10:02.0376 0x1260 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:10:02.0423 0x1260 HomeGroupListener - ok 20:10:02.0454 0x1260 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:10:02.0501 0x1260 HomeGroupProvider - ok 20:10:02.0548 0x1260 [ 965DF80FA281AEEB3487F75372F07468, 592752CA4C7B892F4448F821CCEE4EBDAC4C180A8A5417C14536138C1F65EBF4 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 20:10:02.0579 0x1260 
HookCentre - ok 20:10:02.0641 0x1260 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:10:02.0673 0x1260 HpSAMD - ok 20:10:02.0719 0x1260 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:10:02.0766 0x1260 HTTP - ok 20:10:02.0813 0x1260 hwdatacard - ok 20:10:02.0844 0x1260 [ 448BB2FE30F1DDE9EAA4F0E87B52B687, 4CE66D5C6440C402FAD1C8E60F41352AFF01BBA680E66C4822CCCE8244A0E32B ] hwinterface C:\Windows\system32\Drivers\hwinterface.sys 20:10:02.0875 0x1260 hwinterface - detected UnsignedFile.Multi.Generic ( 1 ) 20:10:02.0875 0x1260 hwinterface ( UnsignedFile.Multi.Generic ) - warning 20:10:02.0922 0x1260 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:10:02.0938 0x1260 hwpolicy - ok 20:10:02.0985 0x1260 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:10:03.0031 0x1260 i8042prt - ok 20:10:03.0094 0x1260 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:10:03.0156 0x1260 iaStorV - ok 20:10:03.0203 0x1260 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 20:10:03.0234 0x1260 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 20:10:03.0234 0x1260 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:10:03.0328 0x1260 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:10:03.0406 
0x1260 idsvc - ok 20:10:03.0453 0x1260 IEEtwCollectorService - ok 20:10:03.0484 0x1260 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:10:03.0515 0x1260 iirsp - ok 20:10:03.0593 0x1260 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 20:10:03.0687 0x1260 IKEEXT - ok 20:10:03.0749 0x1260 [ D6782400E92C62ED2BF3AF8ED4753738, F393DED20A7F3E53BEBD832CD3158B539879B7E7E9DA3F94D64215072A5B050E ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys 20:10:03.0765 0x1260 InputFilter_Hid_FlexDef2b - ok 20:10:03.0811 0x1260 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 20:10:03.0827 0x1260 intelide - ok 20:10:03.0889 0x1260 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:10:03.0936 0x1260 intelppm - ok 20:10:03.0967 0x1260 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:10:04.0045 0x1260 IPBusEnum - ok 20:10:04.0077 0x1260 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:10:04.0123 0x1260 IpFilterDriver - ok 20:10:04.0201 0x1260 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:10:04.0264 0x1260 iphlpsvc - ok 20:10:04.0295 0x1260 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:10:04.0342 0x1260 IPMIDRV - ok 20:10:04.0389 0x1260 [ 
A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:10:04.0451 0x1260 IPNAT - ok 20:10:04.0498 0x1260 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:10:04.0545 0x1260 IRENUM - ok 20:10:04.0591 0x1260 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:10:04.0623 0x1260 isapnp - ok 20:10:04.0654 0x1260 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:10:04.0701 0x1260 iScsiPrt - ok 20:10:04.0747 0x1260 [ 92F8EFB088E617C17670E8C3F923180D, 50113A4666A648DA3872F7AEEC736AD1F6B7CD86FD07AB765FFC229CFD8B03EE ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 20:10:04.0794 0x1260 JRAID - ok 20:10:04.0841 0x1260 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:10:04.0872 0x1260 kbdclass - ok 20:10:04.0919 0x1260 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:10:04.0966 0x1260 kbdhid - ok 20:10:04.0981 0x1260 [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] KeyIso C:\Windows\system32\lsass.exe 20:10:05.0028 0x1260 KeyIso - ok 20:10:05.0075 0x1260 [ 4476FE98AAF505ACDCD3EE6360AABEC1, 1573C5B9F1B12FEEE6D771AFF8969FB9D06878B1E0BECCD4AF13DA9F194FB256 ] KMWDFILTERx86 C:\Windows\system32\DRIVERS\KMWDFILTER.sys 20:10:05.0091 0x1260 KMWDFILTERx86 - ok 20:10:05.0137 0x1260 [ AFBAF1FD434B1C0AFE6EE6DE3066A0F1, 60CB5D4786A036898E813849D74204A2486F30C8D7B0C843F9544FDFBB2EC532 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 
20:10:05.0169 0x1260 KSecDD - ok 20:10:05.0200 0x1260 [ F6A2B372BED88AF01383739F5280D961, 306061B94027D6544D1DECAB70663C427E091CC8D5EAAF920B3CDBAB7F2C1CFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:10:05.0247 0x1260 KSecPkg - ok 20:10:05.0278 0x1260 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:10:05.0371 0x1260 KtmRm - ok 20:10:05.0434 0x1260 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:10:05.0512 0x1260 LanmanServer - ok 20:10:05.0559 0x1260 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:10:05.0621 0x1260 LanmanWorkstation - ok 20:10:05.0668 0x1260 [ 559C9B7800FAC92FC515CD0003D7C631, 1A2C2C3C8E1B862224267462EA3A3BE5A02FE3D0626B292A663CB1EBC8A1B2C5 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 20:10:05.0699 0x1260 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 ) 20:10:05.0699 0x1260 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 20:10:05.0761 0x1260 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:10:05.0839 0x1260 lltdio - ok 20:10:05.0871 0x1260 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:10:05.0964 0x1260 lltdsvc - ok 20:10:05.0995 0x1260 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:10:06.0058 0x1260 lmhosts - ok 20:10:06.0105 0x1260 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 
20:10:06.0136 0x1260 LSI_FC - ok 20:10:06.0167 0x1260 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:10:06.0198 0x1260 LSI_SAS - ok 20:10:06.0229 0x1260 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:10:06.0261 0x1260 LSI_SAS2 - ok 20:10:06.0292 0x1260 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:10:06.0323 0x1260 LSI_SCSI - ok 20:10:06.0354 0x1260 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 20:10:06.0432 0x1260 luafv - ok 20:10:06.0463 0x1260 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:10:06.0495 0x1260 Mcx2Svc - ok 20:10:06.0526 0x1260 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:10:06.0557 0x1260 megasas - ok 20:10:06.0604 0x1260 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:10:06.0651 0x1260 MegaSR - ok 20:10:06.0682 0x1260 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 20:10:06.0729 0x1260 MMCSS - ok 20:10:06.0760 0x1260 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 20:10:06.0822 0x1260 Modem - ok 20:10:06.0869 0x1260 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor 
20:10:24.0169 0x1260 [ 594898B175B8B7D2897A71227D4BBDA1, CEA06486BC26626A6551FDFD1A8F0B71DE3C482BE4FEE02076AAF4B21228D72E ] STC2DFU C:\Windows\system32\DRIVERS\Stc2Dfu.SYS
20:10:24.0201 0x1260 STC2DFU - detected UnsignedFile.Multi.Generic ( 1 )
20:10:24.0201 0x1260 STC2DFU ( UnsignedFile.Multi.Generic ) - warning
20:10:26.0135 0x1260 [ F02854188872539EFD97648BE4CA0A21, BF93345ADDD4F272B031BE6C566EE68432980D8DFBAB3ADCA2B30CEB0A3BF359 ] TeamViewer C:\Program Files\TeamViewer3\TeamViewer_Host.exe
20:10:26.0166 0x1260 TeamViewer - detected UnsignedFile.Multi.Generic ( 1 )
20:10:26.0166 0x1260 TeamViewer ( UnsignedFile.Multi.Generic ) - warning
20:10:26.0166 0x1260 Force sending object to P2P due to detect: TeamViewer
20:10:26.0182 0x1260 Object send P2P result: false
5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:10:29.0380 0x1260 vhdmp - ok 20:10:29.0427 0x1260 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:10:29.0458 0x1260 viaagp - ok 20:10:29.0489 0x1260 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 20:10:29.0536 0x1260 ViaC7 - ok 20:10:29.0567 0x1260 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 20:10:29.0598 0x1260 viaide - ok 20:10:29.0630 0x1260 [ AA3E6722843540B9C8EC5257E3D4B675, A3C24654978A604837F85D88C2A6ACB9C552728673213A3BB79A1B7ECE33C7E5 ] ViBus C:\Windows\system32\DRIVERS\ViBus.sys 20:10:29.0661 0x1260 ViBus - ok 20:10:29.0708 0x1260 [ A1B7CFFE5F09B825FBA506C4DE9FDAC7, C238802B5BA4E99ED57F84C8417DF3C8269527340D20DA0AFC0050E9A611E7EE ] ViPrt C:\Windows\system32\DRIVERS\ViPrt.sys 20:10:29.0754 0x1260 ViPrt - ok 20:10:29.0786 0x1260 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:10:29.0817 0x1260 volmgr - ok 20:10:29.0848 0x1260 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:10:29.0895 0x1260 volmgrx - ok 20:10:29.0926 0x1260 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:10:29.0973 0x1260 volsnap - ok 20:10:30.0035 0x1260 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:10:30.0066 0x1260 vsmraid 
- ok 20:10:30.0144 0x1260 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 20:10:30.0254 0x1260 VSS - ok 20:10:30.0269 0x1260 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:10:30.0316 0x1260 vwifibus - ok 20:10:30.0347 0x1260 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 20:10:30.0441 0x1260 W32Time - ok 20:10:30.0488 0x1260 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:10:30.0534 0x1260 WacomPen - ok 20:10:30.0581 0x1260 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:10:30.0628 0x1260 WANARP - ok 20:10:30.0659 0x1260 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:10:30.0706 0x1260 Wanarpv6 - ok 20:10:30.0800 0x1260 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 20:10:30.0924 0x1260 wbengine - ok 20:10:30.0987 0x1260 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:10:31.0049 0x1260 WbioSrvc - ok 20:10:31.0096 0x1260 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:10:31.0190 0x1260 wcncsvc - ok 20:10:31.0221 0x1260 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService 
C:\Windows\System32\WcsPlugInService.dll 20:10:31.0268 0x1260 WcsPlugInService - ok 20:10:31.0314 0x1260 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:10:31.0346 0x1260 Wd - ok 20:10:31.0408 0x1260 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:10:31.0455 0x1260 Wdf01000 - ok 20:10:31.0502 0x1260 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:10:31.0533 0x1260 WdiServiceHost - ok 20:10:31.0564 0x1260 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:10:31.0595 0x1260 WdiSystemHost - ok 20:10:31.0658 0x1260 [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient C:\Windows\System32\webclnt.dll 20:10:31.0704 0x1260 WebClient - ok 20:10:31.0736 0x1260 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:10:31.0845 0x1260 Wecsvc - ok 20:10:31.0860 0x1260 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:10:31.0923 0x1260 wercplsupport - ok 20:10:31.0970 0x1260 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 20:10:32.0048 0x1260 WerSvc - ok 20:10:32.0094 0x1260 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:10:32.0157 0x1260 WfpLwf - ok 20:10:32.0188 0x1260 [ 5CF95B35E59E2A38023836FFF31BE64C, 
CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:10:32.0219 0x1260 WIMMount - ok 20:10:32.0313 0x1260 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:10:32.0422 0x1260 WinDefend - ok 20:10:32.0453 0x1260 WinHttpAutoProxySvc - ok 20:10:32.0531 0x1260 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:10:32.0609 0x1260 Winmgmt - ok 20:10:32.0687 0x1260 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 20:10:32.0828 0x1260 WinRM - ok 20:10:32.0890 0x1260 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:10:32.0952 0x1260 WinUsb - ok 20:10:33.0015 0x1260 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:10:33.0124 0x1260 Wlansvc - ok 20:10:33.0171 0x1260 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:10:33.0202 0x1260 WmiAcpi - ok 20:10:33.0249 0x1260 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:10:33.0296 0x1260 wmiApSrv - ok 20:10:33.0389 0x1260 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:10:33.0514 0x1260 WMPNetworkSvc - ok 20:10:33.0561 0x1260 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc 
C:\Windows\System32\wpcsvc.dll 20:10:33.0592 0x1260 WPCSvc - ok 20:10:33.0639 0x1260 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:10:33.0686 0x1260 WPDBusEnum - ok 20:10:33.0717 0x1260 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:10:33.0795 0x1260 ws2ifsl - ok 20:10:33.0826 0x1260 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 20:10:33.0888 0x1260 wscsvc - ok 20:10:33.0920 0x1260 WSearch - ok 20:10:34.0060 0x1260 [ 4A19D4A01F8F0684E155C131B5B54776, 341ABCDB121DDB49831B3E42DFDB0938AF49C31B44351A3D9970DAD25CD22606 ] wuauserv C:\Windows\system32\wuaueng.dll 20:10:34.0232 0x1260 wuauserv - ok 20:10:34.0263 0x1260 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:10:34.0310 0x1260 WudfPf - ok 20:10:34.0356 0x1260 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:10:34.0388 0x1260 WUDFRd - ok 20:10:34.0419 0x1260 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:10:34.0481 0x1260 wudfsvc - ok 20:10:34.0512 0x1260 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 20:10:34.0559 0x1260 WwanSvc - ok 20:10:34.0622 0x1260 [ 7481637A50A0468CF46C719672BC7EAA, 286C7D714B9EA7346E2891A6B9F972C53AD6591F21FFB067B805C3ED5EB946DA ] ZSMC301b C:\Windows\system32\Drivers\usbVM31b.sys 20:10:34.0653 0x1260 ZSMC301b - ok 20:10:34.0668 0x1260 ================ Scan global =============================== 
20:10:34.0715 0x1260 [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll 20:10:34.0762 0x1260 [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 20:10:34.0778 0x1260 [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 20:10:34.0824 0x1260 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 20:10:34.0871 0x1260 [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe 20:10:34.0887 0x1260 [ Global ] - ok 20:10:34.0887 0x1260 ================ Scan MBR ================================== 20:10:34.0887 0x1260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:10:35.0136 0x1260 \Device\Harddisk0\DR0 - ok 20:10:35.0136 0x1260 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5 20:10:36.0275 0x1260 \Device\Harddisk5\DR5 - ok 20:10:36.0275 0x1260 ================ Scan VBR ================================== 20:10:36.0291 0x1260 [ E4E6DBCE6E91C861728EE5BCDA1BB97C ] \Device\Harddisk0\DR0\Partition1 20:10:36.0291 0x1260 \Device\Harddisk0\DR0\Partition1 - ok 20:10:36.0291 0x1260 [ 264E6FB4A75DE776193E25610EBCCB8D ] \Device\Harddisk5\DR5\Partition1 20:10:36.0291 0x1260 \Device\Harddisk5\DR5\Partition1 - ok 20:10:36.0291 0x1260 ================ Scan generic autorun ====================== 20:10:36.0369 0x1260 [ FF70A439B01C1373AB396275BF93E1AA, 258470764B37CD4C7B6134237C818424FA4B7B5D0590EDC5DE19271FCFAF6922 ] C:\Program Files\Analog Devices\Core\smax4pnp.exe 20:10:36.0431 0x1260 SoundMAXPnP - ok 20:10:36.0431 0x1260 Performance Center - ok 20:10:36.0618 0x1260 [ 442CC2A5247327548826D284B7CC7287, 8005CB98F7519EDC84FE88009EE354B753929DDA71761571E68BECCBC3D88D02 ] 
C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe 20:10:36.0728 0x1260 GDFirewallTray - ok 20:10:36.0946 0x1260 [ D49C6A597814433ED6C3BF7ECF2D27BD, D792327A9D88ADACA3B855038DD87DDB0FF5A6F5B2D4ED3BC53BA98309C08FDD ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 20:10:37.0164 0x1260 CanonMyPrinter - ok 20:10:37.0289 0x1260 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 20:10:37.0398 0x1260 Sidebar - ok 20:10:37.0445 0x1260 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 20:10:37.0492 0x1260 mctadmin - ok 20:10:37.0586 0x1260 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 20:10:37.0664 0x1260 Sidebar - ok 20:10:37.0695 0x1260 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 20:10:37.0742 0x1260 mctadmin - ok 20:10:37.0804 0x1260 [ A7DC47DBBE3C0384BA719DC4188AFA7E, FCC8F68A8E55AE2AB9B877A6E46DFC28411B68D09AEACA4792625B5150EFDCFD ] C:\Windows\ehome\ehTray.exe 20:10:37.0835 0x1260 ehTray.exe - ok 20:10:37.0835 0x1260 Performance Center - ok 20:10:37.0944 0x1260 [ A3CCBBB0735800B89931B73CCB69F9B1, 97D0684AB1ECB2F89A3C8E53DC383AEDE506A1F9367AA283C0B9992A19854D43 ] C:\Program Files\AppGraffiti\AGupdate.exe 20:10:38.0007 0x1260 AGupdate - ok 20:10:38.0100 0x1260 [ 2605662FB8D523F3031284859E085B38, 230FBC3169BFC27960FE996E00308EC99588BB17155EAAD0A3FA97FAF8894F0D ] C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 20:10:38.0163 0x1260 AmazonMP3DownloaderHelper - ok 20:10:38.0256 0x1260 [ 48450691B39F72A4F72E58ABBF7C5B63, 76BB55992F06B8156DE75850777FDBE4EE081609D5A5C916608C9C693275C3AD ] 
C:\PROGRA~1\APPGRA~1\AppGraffiti.exe 20:10:38.0334 0x1260 AppGraffiti - ok 20:10:38.0428 0x1260 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 20:10:38.0506 0x1260 Sidebar - ok 20:10:38.0537 0x1260 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 20:10:38.0584 0x1260 mctadmin - ok 20:10:38.0678 0x1260 AV detected via SS2: G DATA INTERNET SECURITY, C:\Program Files\G DATA\InternetSecurity\AVK\avkwscpe.exe ( 25.1.0.0 ), 0x42000 ( disabled : updated ) 20:10:38.0678 0x1260 FW detected via SS2: G*DATA Personal Firewall, C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled ) 20:10:38.0678 0x1260 ============================================================ 20:10:38.0678 0x1260 Scan finished 20:10:38.0678 0x1260 ============================================================ 20:10:38.0693 0x0530 Detected object count: 7 20:10:38.0693 0x0530 Actual detected object count: 7 20:14:18.0841 0x0530 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0841 0x0530 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:14:18.0856 0x0530 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0856 0x0530 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:14:18.0856 0x0530 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0856 0x0530 hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:14:18.0856 0x0530 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0856 0x0530 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:14:18.0856 0x0530 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0856 0x0530 LightScribeService ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 20:14:18.0872 0x0530 STC2DFU ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0872 0x0530 STC2DFU ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:14:18.0872 0x0530 TeamViewer ( UnsignedFile.Multi.Generic ) - skipped by user 20:14:18.0872 0x0530 TeamViewer ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:14:27.0218 0x0a58 Deinitialize success |
21.10.2015, 19:14 | #5 |
/// the machine /// TB trainer | Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.10.2015, 11:34 | #6 |
| Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled Hello Schrauber, sorry for the delay, but last night was "Back to the Future" Day, so I had to watch the triple feature at the cinema. I had some trouble disabling the G-Data virus scanner, a really annoying piece of software. It kept killing parts of ComboFix and so on. I then rebooted and unchecked really every box in the G-Data settings (killing processes etc. did not work). After that, ComboFix ran through without complaints. Combofix logfile: Code:
ComboFix 15-10-21.01 - Günter Meier 22.10.2015 12:01:35.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
AV: G DATA INTERNET SECURITY *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G*DATA Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G DATA INTERNET SECURITY *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif
c:\windows\system32\drivers\hwinterface.sys
c:\windows\TEMP\catchme.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-09-22 bis 2015-10-22 ))))))))))))))))))))))))))))))
.
.
2015-10-22 10:15 . 2015-10-22 10:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-10-22 10:15 . 2015-10-22 10:15 -------- d-----w- c:\users\Günter Meier\AppData\Local\temp
2015-10-22 10:15 . 2015-10-22 10:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-10-22 10:15 . 2015-10-22 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-20 17:19 . 2015-10-20 17:19 -------- d-----w- c:\programdata\Malwarebytes
2015-10-20 17:19 . 2015-10-20 18:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-10-20 17:19 . 2015-10-20 17:19 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-20 16:46 . 2015-10-20 16:46 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-20 14:16 . 2015-10-20 14:19 -------- d-----w- C:\FRST
2015-10-17 13:51 . 2015-09-18 17:44 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-17 13:51 . 2015-09-18 17:44 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-17 13:51 . 2015-09-18 17:44 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-17 13:51 . 2015-09-18 17:44 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-17 13:51 . 2015-09-18 17:35 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-17 13:51 . 2015-09-18 17:47 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-17 13:51 . 2015-09-18 17:44 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-14 12:00 . 2015-09-16 03:38 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-10-14 11:57 . 2015-09-29 03:05 3936192 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-13 14:55 . 2015-10-13 14:54 524288 ----a-w- c:\windows\putty.exe
2015-10-13 12:09 . 2015-10-13 12:09 -------- d-----w-ter Meier c:\users\GNTERR~2
2015-10-13 11:59 . 2015-10-13 11:59 -------- d-----w- c:\users\Günter Meier\AppData\Local\CEF
2015-10-13 11:47 . 2015-10-13 11:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2015-10-12 16:13 . 2015-10-12 16:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CEF
2015-10-12 16:09 . 2015-10-12 16:09 -------- d-----w- c:\programdata\McAfee
2015-09-30 20:47 . 2015-09-30 20:47 225976 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-22 10:02 . 2015-10-22 10:02 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.3632.dll
2015-10-20 18:09 . 2015-10-20 18:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.4116.dll
2015-10-20 14:19 . 2015-10-20 14:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.2836.dll
2015-10-17 14:59 . 2015-10-17 14:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.5532.dll
2015-09-17 14:48 . 2015-09-17 14:48 15192 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2015-09-17 14:48 . 2010-12-18 12:33 29528 ----a-w- c:\windows\system32\drivers\GRD.sys
2015-09-04 16:05 . 2014-04-08 06:38 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-04 16:05 . 2011-08-09 19:14 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-04 12:11 . 2015-09-16 13:38 149760 ----a-w- c:\windows\RegDefragTask.exe
2015-09-02 02:48 . 2015-09-10 14:44 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-10 14:44 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-10 14:44 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-10 14:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-10 14:44 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-10 14:44 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-31 23:05 . 2015-10-17 13:51 8884144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\mpengine.dll
2015-08-27 17:58 . 2015-09-10 14:44 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-10 14:44 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-10 14:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-10 14:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-05 17:41 . 2015-09-10 14:44 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-10 14:45 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-10 14:45 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-10 14:45 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-07-30 17:57 . 2015-08-14 11:17 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-14 11:17 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-14 11:17 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-14 11:05 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-12-06 11:17 343296 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-15 12:58 1733240 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-15 12:58 1733240 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-15 12:58 1733240 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"AGupdate"="c:\program files\AppGraffiti\AGupdate.exe" [2013-03-19 894048]
"AppGraffiti"="c:\progra~1\APPGRA~1\AppGraffiti.exe" [2015-06-25 1220544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2015-02-20 1855608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 12:36 36864 ----a-w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 19:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2007-01-23 11904]
R2 StarMoney 10 OnlineUpdate;StarMoney 10 OnlineUpdate;c:\program files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [2015-07-27 688784]
R2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [2014-07-04 697488]
R3 Browser7Maintenance;Browser 7 Maintenance Service;c:\program files\Browser 7 Maintenance Service\maintenanceservice.exe [2015-08-20 148792]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-07-31 29400]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2007-01-23 207872]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2007-01-23 299776]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2007-01-23 149504]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2007-01-23 498176]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2007-01-23 23552]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 14848]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2007-10-17 56448]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R4 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2015-04-07 108032]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt32.sys [2015-04-07 20352]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2015-04-07 161792]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2015-07-12 53248]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2015-09-17 29528]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2015-04-07 87040]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2015-04-16 2528888]
S2 AVKService;G DATA Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2015-02-20 965240]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2015-04-07 2876888]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [2013-03-21 222368]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2015-02-20 2539560]
S3 GDKBB;G Data GDKBB Driver;c:\windows\system32\drivers\GDKBB32.sys [2015-04-07 24192]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2015-04-07 73216]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2015-03-04 789112]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-02 07:26 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-08 16:05]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 16:00]
.
2015-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 16:00]
.
2015-10-22 c:\windows\Tasks\simplitec Power Suite (Tray).job
- c:\program files\simplitec\simplitec Power Suite\ServiceProvider.exe [2015-07-08 12:12]
.
2015-10-15 c:\windows\Tasks\simplitec Power Suite.job
- c:\program files\simplitec\simplitec Power Suite\PowerSuite.exe [2015-07-08 12:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: amazon.de
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\ApcMain.exe HKLM-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\taskhost.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\GWX\GWX.exe c:\windows\system32\conhost.exe c:\program files\AppGraffiti\AppGraffiti.exe c:\windows\System32\WUDFHost.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-10-22 12:28:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-10-22 10:28 . Vor Suchlauf: 23 Verzeichnis(se), 234.090.831.872 Bytes frei Nach Suchlauf: 33 Verzeichnis(se), 234.937.659.392 Bytes frei . - - End Of File - - 932F7D9364262A2CBC4D26D73D9E731F
In addition, after the reboot, while ComboFix was showing that it was creating the log, a message came up from G-Data saying that a program called ServiceProvider.exe wanted to open a port. That belongs to the "simplitec Power Suite", which I had actually uninstalled a few days ago (i.e. before the first post here). EDIT: after about 10 minutes the NSIS error message appeared again. Regards, Tom |
23.10.2015, 07:54 | #7 |
/// the machine /// TB Trainer | Windows 7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled I watched it on Amazon Prime Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.10.2015, 14:01 | #8 |
| Windows 7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 23.10.2015 Suchlaufzeit: 12:39 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.09.22.05 Rootkit-Datenbank: v2015.09.18.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bsartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Gnter Meier Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 430219 Abgelaufene Zeit: 31 Min., 5 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe, 2972, Lschen bei Neustart, [e60781b1c9c2290db5386a1c05ff60a0] PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti.exe, 2956, Lschen bei Neustart, [49a4de5449427abc2d362b5c7094da26] Module: 0 (keine bsartigen Elemente erkannt) Registrierungsschlssel: 26 PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1001_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}, In Quarantne, [f9f4b1815e2d26104a318064669c5ea2], PUP.Optional.RebateInformer, HKLM\SOFTWARE\CLASSES\RebateI.RebateInformImageGen, In Quarantne, [e6077bb7820966d00ac846a4bb4712ee], PUP.Optional.RebateInformer, HKLM\SOFTWARE\CLASSES\RebateI.Rebate Informer BHO, In Quarantne, [8667f1412e5d3ff7e5ee15d5b34fec14], PUP.Optional.AmazonTB, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater Service for AMZN, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{183643C8-EE67-4574-9A38-927852E34163}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\TYPELIB\{506F578A-91E1-46CE-830F-E2F4268E9966}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{E9BBD270-4B87-4EE2-912F-6635674986C0}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Server, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Client, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Script, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8736C681-37A0-40C6-A0F0-4C083409151C}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{EFB46ED3-8FD8-4051-8FD6-DD9CE7E63BEF}, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Server2, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.AppGraffiti, HKLM\SOFTWARE\AppGraffiti, In Quarantne, [15d8a989cac1c2746dc168da9271f709], PUP.Optional.AppGraffiti, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\angobeimajilfhlcpeiccndaifchnppl, In Quarantne, [7a73e151bbd02313aeb7abdcbb498e72], PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\AppGraffiti, In Quarantne, [c32a949ed2b938fe83ac5ce653b02fd1], PUP.Optional.RebateInformer, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\CTOOLBAR\PLUGINS\REBATEINF, In Quarantne, [9855c072fb906ec869478530ce3632ce], PUP.Optional.AlexaTB, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\DISTROMATIC\Toolbars, In Quarantne, [5c9192a0dfacd36326873e4863a1d729], PUP.Optional.ICQ, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}, In Quarantne, [9657e949dbb05ed8fe98bbe6966eca36], Registrierungswerte: 6 PUP.Optional.ICQToolbar, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantne, [8e5f86ac93f8082e24eaad3aaf53b24e], PUP.Optional.ICQToolbar, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{855F3B16-6D32-4FE6-8A56-BBB695989046}, ;_2mOVF{A9CA339F-7856-4dc4-9C48-71B1D7ACAD12}, In Quarantne, [8e5f86ac93f8082e24eaad3aaf53b24e] PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AGupdate, C:\Program Files\AppGraffiti\AGupdate.exe, In Quarantne, [49a4de5449427abc2d362b5c7094da26] PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AppGraffiti, "C:\PROGRA~1\APPGRA~1\AppGraffiti.exe", In Quarantne, [49a4de5449427abc2d362b5c7094da26] PUP.Optional.InboxToolBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM 
FILES\INBOX.COM\SHARED\CSHARED.DLL, 1, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8] PUP.Optional.ICQ, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}|URL, hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd, In Quarantne, [9657e949dbb05ed8fe98bbe6966eca36] Registrierungsdaten: 0 (keine bsartigen Elemente erkannt) Ordner: 12 PUP.Optional.AmazonTB, C:\Users\Gnter Meier\AppData\Local\Amazon Browser Bar, In Quarantne, [a8452b07ef9c231379736224a2627888], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar, Lschen bei Neustart, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti, Lschen bei Neustart, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Chrome, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Update, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\chrome, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti, In Quarantne, [12dbe74b543739fd61edf70a788b1fe1], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter 
Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], Dateien: 37 PUP.Optional.SearchProtect, C:\Program Files\Amazon Browser Bar\search_protect - Kopie.exe, In Quarantne, [d5188ca6c7c4a98de18651680bf66b95], PUP.Optional.SearchProtect, C:\Program Files\Amazon Browser Bar\search_protect.exe, In Quarantne, [7578ff33d4b73afca8bff1c87d8432ce], PUP.Optional.RebateInformer, C:\Program Files\RebateInformer\RebateInf.exe, In Quarantne, [47a6ff335a313df956ee13acea17639d], PUP.Optional.MyStartSearch.ShrtCln, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\MyStart Search.xml, In Quarantne, [836ae2503556be78aefdc38842c1dc24], PUP.Optional.AmazonTB, C:\Users\Gnter Meier\AppData\Local\Amazon Browser Bar\protect.xml, In Quarantne, [a8452b07ef9c231379736224a2627888], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.ini, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\installer.xml, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe, Lschen bei Neustart, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\uninstall.ico, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\uninstall.json, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\update.xml, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\unins000.dat, In Quarantne, 
[49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AGupdate.exe, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti.dll, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti.exe, Lschen bei Neustart, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti64.dll, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\config.dat, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Chrome\graff_chr.crx, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Chrome\graff_chr.ver, In Quarantne, [49a4de5449427abc2d362b5c7094da26], PUP.Optional.InboxToolBar, C:\Program Files\Inbox.com\Shared\CShared.dll, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\chrome.manifest, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\ini.xml, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\install.rdf, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\install.xml, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\Users\Gnter 
Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\chrome\AppGraffiti.jar, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti\Uninstall AppGraffiti.lnk, In Quarantne, [12dbe74b543739fd61edf70a788b1fe1], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\background.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\manifest.json, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img\128x128.png, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img\16x16.png, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img\48x48.png, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\AppGraffiti.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\facebook.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\iframe.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\jquery-1.6.1.min.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\reload.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\twitter.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], Physische Sektoren: 0 (keine bsartigen Elemente erkannt) (end) AwCleaner.txt: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.014 - Bericht erstellt am 23/10/2015 um 14:31:58 # Aktualisiert am 18/10/2015 von Xplode # Datenbank : 2015-10-18.5 [Lokal] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86) # Benutzername : Günter Meier - GÜNTER-PC # Gestartet von : E:\winguenter\bin\AdwCleaner_5.014.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Program Files\Amazon\ABB [-] Ordner Gelöscht : C:\Program Files\icqtoolbar [-] Ordner Gelöscht : C:\Program Files\Inbox.com [-] Ordner Gelöscht : C:\Program Files\RebateInformer [-] Ordner Gelöscht : C:\Program Files\simplitec [-] Ordner Gelöscht : C:\Program Files\SiteRanker [-] Ordner Gelöscht : C:\ProgramData\simplitec [-] Ordner Gelöscht : C:\ProgramData\Yahoo! Companion [-] Ordner Gelöscht : C:\ProgramData\Fighters [-] Ordner Gelöscht : C:\ProgramData\SparkTrust [-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec [-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Local\PackageAware [-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\LocalLow\AppGraffiti [-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\LocalLow\SiteRanker [-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Roaming\Fighters [-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Roaming\SparkTrust [-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [-] Ordner Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage [-] Datei Gelöscht : C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\user.js ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** [-] Task 
Gelöscht : simplitec Power Suite (Tray) [-] Task Gelöscht : simplitec Power Suite ***** [ Registrierungsdatenbank ] ***** [-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECCA77AD-EF06-4650-B6FC-7A0E90687EB4} [-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] [-] Schlüssel Gelöscht : HKCU\Software\CToolbar [-] Schlüssel 
Gelöscht : HKCU\Software\distromatic [-] Schlüssel Gelöscht : HKCU\Software\IM [-] Schlüssel Gelöscht : HKCU\Software\ImInstaller [-] Schlüssel Gelöscht : HKCU\Software\SiteRanker [-] Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar [-] Schlüssel Gelöscht : HKCU\Software\Fighters [-] Schlüssel Gelöscht : HKCU\Software\Yahoo\Companion [-] Schlüssel Gelöscht : HKCU\Software\Yahoo\YFriendsBar [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Yahoo\Companion [-] Schlüssel Gelöscht : HKLM\SOFTWARE\CToolbar [-] Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller [-] Schlüssel Gelöscht : HKLM\SOFTWARE\simplitec [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Yahoo\Companion [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1 [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E} [!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\AppDataLow\Software\Yahoo\Companion [!] Daten Nicht Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] [!] 
Daten Nicht Wiederhergestellt : HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search] ***** [ Internetbrowser ] ***** [-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.installdate", "NaN"); [-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.installed", "true"); [-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.tbid", "61009"); [-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.tuid", "-7815994133870912824"); [-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.inbox.com/homepage.aspx?tbid=80772&iwk=293&lng=de"); [-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.enabledItems", "AppGraffiti@AppGraffiti.com:1.0.0.22,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFE[...] [-] [C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : de.ask.com ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6950 Bytes] ########## jrt.txt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.2 (09.14.2015:1) OS: Windows 7 Home Premium x86 Ran by G]ter Meier on 23.10.2015 at 14:36:43,94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\BROWSER7.EXE ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\G]ter Meier\AppData\Roaming\getrighttogo ~~~ FireFox Successfully deleted the following from C:\Users\G]ter Meier\AppData\Roaming\mozilla\firefox\profiles\ywlhf9be.default\prefs.js user_pref(browser.search.defaultenginename, MyStart Suche); user_pref(keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=); ~~~ Chrome [C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.10.2015 at 14:41:47,64 End of JRT log 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
23.10.2015, 14:02 | #9 |
| Windows 7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled FRST.txt: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015 durchgeführt von Günter Meier (Administrator) auf GÜNTER-PC (23-10-2015 14:50:05) Gestartet von E:\winguenter\bin Geladene Profile: Günter Meier (Verfügbare Profile: Günter Meier & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (G DATA Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.) HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation) Startup: C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-05] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.) 
Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms} SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://google.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = 
hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms} SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CB779390-9FC4-4A00-B031-3CD9A1C8A67A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03] (Sun Microsystems, Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default FF DefaultSearchUrl: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF SelectedSearchEngine: Inbox Suchen FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-12-23] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-12-23] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) 
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.) FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-12-23] (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-12-23] (RealPlayer) FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\inbox-search.xml [2014-02-03] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27] [ist nicht signiert] FF Extension: Blue Ice 2 - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2008-08-04] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] [ist nicht signiert] FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Program 
Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [nicht gefunden] FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [nicht gefunden] FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [nicht gefunden] Chrome: ======= CHR Profile: C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-04-01] CHR Extension: (RebateInformer) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal [2013-03-06] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) 
[Datei ist nicht signiert] S3 Browser7Maintenance; C:\Program Files\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-08-20] (Deutsche Telekom AG) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-08] (Macrovision Europe Ltd.) [Datei ist nicht signiert] R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert] S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S2 StarMoney 10 OnlineUpdate; C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S4 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S4 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [90112 2007-11-29] () [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen 
wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-04-07] (G Data Software AG) R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-04-07] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-04-07] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-04-07] (G Data Software AG) S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-07-31] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-04-07] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-07-12] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-09-17] (G Data Software) S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [11904 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88BDA; C:\Windows\System32\drivers\hcw88bda.sys [207872 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [299776 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88TUNE; C:\Windows\System32\drivers\hcw88tun.sys [149504 2007-01-23] (Hauppauge Computer Works, Inc.) S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [498176 2007-01-23] (Hauppauge Computer Works, Inc) S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [23552 2007-01-23] (Hauppauge Computer Works, Inc.) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-04-07] (G Data Software AG) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48768 2007-07-05] (JMicron Technology Corp.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] () S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.) S3 STC2DFU; C:\Windows\System32\DRIVERS\Stc2Dfu.SYS [7796 2004-10-25] (SCM Microsystems Inc.) [Datei ist nicht signiert] R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.) R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.) S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-23 14:41 - 2015-10-23 14:41 - 00002171 _____ C:\Users\Günter Meier\Desktop\JRT.txt 2015-10-23 13:27 - 2015-10-23 14:31 - 00000000 ____D C:\AdwCleaner 2015-10-23 12:38 - 2015-10-23 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-23 12:37 - 2015-10-23 12:37 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-10-23 12:37 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-23 12:37 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-22 12:28 - 2015-10-22 12:28 - 00018287 _____ C:\ComboFix.txt 2015-10-22 11:56 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-10-22 11:56 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-10-22 11:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-10-22 11:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-10-22 11:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-10-22 11:56 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-10-22 11:56 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-10-22 11:56 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-10-22 11:45 - 2015-10-22 12:28 - 00000000 ____D C:\Qoobox 2015-10-22 11:41 - 2015-10-22 12:25 - 00000000 ____D C:\Windows\erdnt 2015-10-20 19:19 - 2015-10-23 13:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-20 19:19 - 2015-10-23 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-10-20 19:19 - 2015-10-20 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-10-20 18:46 - 2015-10-20 20:06 - 00000000 ____D C:\Users\Günter Meier\Desktop\mbar 2015-10-20 18:46 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-20 16:16 - 2015-10-23 14:50 - 00000000 ____D C:\FRST 
2015-10-20 16:15 - 2015-10-20 16:15 - 00000000 _____ C:\Users\Günter Meier\defogger_reenable 2015-10-17 15:51 - 2015-09-18 19:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-17 15:51 - 2015-09-18 19:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-17 15:51 - 2015-09-18 19:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-17 15:51 - 2015-09-18 19:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-17 15:51 - 2015-09-18 19:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-17 15:51 - 2015-09-18 19:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-17 15:51 - 2015-09-18 19:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-14 14:00 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-14 14:00 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-14 14:00 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-10-14 14:00 - 2015-09-16 05:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-10-14 14:00 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 14:00 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-10-14 14:00 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-14 14:00 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-10-14 14:00 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-14 14:00 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 14:00 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-10-14 14:00 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-10-14 14:00 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 14:00 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-10-14 14:00 - 2015-09-16 05:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-10-14 14:00 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 14:00 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-10-14 14:00 - 2015-09-16 05:18 - 00667648 _____ (Microsoft 
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-10-14 14:00 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 14:00 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-10-14 14:00 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-10-14 14:00 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 14:00 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 14:00 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 14:00 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-10-14 14:00 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 14:00 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-14 14:00 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 14:00 - 2015-09-16 04:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 14:00 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 14:00 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-10-14 14:00 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 14:00 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 14:00 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-14 13:57 - 2015-10-01 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-14 13:57 - 2015-10-01 19:50 - 
00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:57 - 2015-10-01 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 13:57 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-14 13:57 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:57 - 2015-09-29 05:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 13:57 - 2015-09-29 03:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 13:57 - 2015-09-15 19:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 13:57 - 2015-09-15 19:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 13:56 - 2015-09-25 19:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 16:55 - 2015-10-13 16:54 - 00524288 _____ (Simon Tatham) C:\Windows\putty.exe
2015-10-13 14:09 - 2015-10-13 14:09 - 00000000 ____D C:\Users\G�nter Meier
2015-10-12 18:09 - 2015-10-12 18:09 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 18:08 - 2015-10-23 13:13 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-12 18:08 - 2015-10-23 13:13 - 00002011 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-12 16:11 - 2015-10-12 16:11 - 28565300 _____ C:\Users\Günter Meier\Downloads\AdbeRdr920_de_DE.rar
2015-10-06 22:38 - 2015-10-23 14:33 - 00018582 _____ C:\Windows\PFRO.log
2015-09-25 21:58 - 2015-10-23 14:47 - 00833217 _____ C:\Windows\setupact.log
2015-09-25 21:58 - 2015-09-25 21:58 - 00000000 _____ C:\Windows\setuperr.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-23 14:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-23 14:43 - 2009-10-24 00:12 - 01699176 _____ C:\Windows\WindowsUpdate.log
2015-10-23 14:43 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-23 14:43 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-23 14:31 - 2015-08-10 13:31 - 00000000 ____D C:\Program Files\Amazon
2015-10-23 14:30 - 2014-04-08 08:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-23 13:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-10-23 13:13 - 2015-07-08 15:57 - 00002139 _____ C:\Users\Public\Desktop\simplitec Power Suite.lnk
2015-10-23 13:13 - 2015-06-12 18:57 - 00002102 _____ C:\Users\Public\Desktop\StarMoney 10.lnk
2015-10-23 13:13 - 2015-05-24 11:19 - 00001428 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2015-10-23 13:13 - 2015-04-23 15:15 - 00001489 _____ C:\Users\Public\Desktop\bibel digital.lnk
2015-10-23 13:13 - 2015-01-06 15:53 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herrnhuter Losungen.lnk
2015-10-23 13:13 - 2015-01-06 15:53 - 00002054 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk
2015-10-23 13:13 - 2014-10-10 21:40 - 00001930 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-10-23 13:13 - 2013-12-23 14:08 - 00001064 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2015-10-23 13:13 - 2013-12-22 20:06 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2015-10-23 13:13 - 2013-12-19 14:09 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-10-23 13:13 - 2013-03-15 17:02 - 00002136 _____ C:\Users\Public\Desktop\Canon MG8200 series Online-Handbuch.lnk
2015-10-23 13:13 - 2011-03-27 17:46 - 00002115 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 13:13 - 2009-10-23 23:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-23 13:13 - 2009-10-23 23:34 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-23 13:13 - 2009-07-14 06:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-23 13:13 - 2009-07-14 06:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-10-23 13:13 - 2009-07-14 06:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-23 13:13 - 2009-07-14 06:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-23 13:13 - 2008-04-11 22:13 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-10-23 13:13 - 2008-04-11 22:13 - 00000984 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2015-10-23 13:13 - 2008-03-06 12:56 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
2015-10-23 13:13 - 2008-03-06 12:52 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2015-10-23 13:13 - 2008-01-17 14:01 - 00001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2015-10-23 13:13 - 2007-12-08 15:48 - 00000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2015-10-23 13:12 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-23 13:12 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-23 13:11 - 2015-09-04 18:10 - 00002278 _____ C:\Users\Günter Meier\Desktop\Kindle.lnk
2015-10-23 13:11 - 2015-07-08 18:56 - 00001970 _____ C:\Users\Günter Meier\Desktop\IrfanView Thumbnails.lnk
2015-10-23 13:11 - 2011-04-12 17:01 - 00001124 _____ C:\Users\Günter Meier\Desktop\Smartcard Commander.lnk
2015-10-23 13:11 - 2009-10-24 10:11 - 00001409 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-23 13:11 - 2009-08-11 10:57 - 00002174 _____ C:\Users\Günter Meier\Desktop\Google Earth.lnk
2015-10-23 13:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2015-10-23 13:11 - 2009-04-12 16:50 - 00000731 _____ C:\Users\Günter Meier\Desktop\Download -.lnk
2015-10-23 13:11 - 2009-01-01 14:15 - 00001086 _____ C:\Users\Günter Meier\Desktop\IrfanView.lnk
2015-10-23 13:11 - 2008-07-17 09:36 - 00000240 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Window Switcher.lnk
2015-10-23 13:11 - 2007-11-23 13:33 - 00002346 _____ C:\Users\Günter Meier\Desktop\Nero Burning ROM.lnk
2015-10-22 12:28 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-10-22 12:28 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-10-22 12:28 - 2006-11-02 15:03 - 00000000 ____D C:\Users\Administrator
2015-10-22 12:19 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-10-22 12:17 - 2009-07-14 04:03 - 76546048 _____ C:\Windows\system32\config\software.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 23330816 _____ C:\Windows\system32\config\system.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 00057344 _____ C:\Windows\system32\config\sam.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 00024576 _____ C:\Windows\system32\config\security.bak
2015-10-22 11:38 - 2015-06-12 18:54 - 00000000 ____D C:\Program Files\StarMoney 10
2015-10-20 16:15 - 2009-10-23 23:35 - 00000000 ____D C:\Users\Günter Meier
2015-10-20 16:12 - 2009-10-24 00:23 - 01648344 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 16:10 - 2011-02-28 19:30 - 00000000 ____D C:\Temp
2015-10-18 09:49 - 2014-08-09 12:34 - 00000000 ____D C:\Program Files\StarMoney 9.0
2015-10-17 16:25 - 2014-12-12 10:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 16:25 - 2014-05-06 17:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-17 14:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-17 14:10 - 2015-04-05 22:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 14:10 - 2014-11-12 17:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-17 14:10 - 2011-07-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2015-10-17 14:10 - 2011-03-27 17:48 - 00000000 ____D C:\ProgramData\Real
2015-10-17 14:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-10-17 14:09 - 2009-11-07 21:52 - 00000000 ___RD C:\MSOCache
2015-10-15 09:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-10-14 19:10 - 2007-09-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 19:09 - 2013-08-02 21:57 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 19:01 - 2009-11-11 20:46 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 19:00 - 2006-11-02 12:23 - 00000219 _____ C:\Windows\win.ini
2015-10-13 16:50 - 2008-08-04 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Adobe
2015-10-12 17:36 - 2007-09-17 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-10-07 21:17 - 2015-07-13 22:31 - 00000000 ____D C:\Users\Günter Meier\Documents\Bible
2015-09-23 14:21 - 2014-09-24 11:24 - 00000071 _____ C:\Users\Günter Meier\Desktop\i_view32.ini

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-08 12:06 - 2015-07-09 09:31 - 0000053 _____ () C:\Users\Günter Meier\AppData\Roaming\LogFile.txt
2007-11-23 10:39 - 2009-01-08 19:29 - 0024206 _____ () C:\Users\Günter Meier\AppData\Roaming\UserTile.png
2015-02-12 10:59 - 2015-02-12 10:59 - 0000000 ____H () C:\Users\Günter Meier\AppData\Local\BITD367.tmp
2009-10-24 11:19 - 2009-10-24 11:19 - 0007609 _____ () C:\Users\Günter Meier\AppData\Local\Resmon.ResmonCfg
2011-12-23 21:57 - 2011-12-23 21:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{05CAAA34-0796-4266-BD12-2057BBECAF0B}
2011-07-30 09:28 - 2011-07-30 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0766507E-53D7-44AF-A88E-C7EAEF153760}
2011-07-02 10:03 - 2011-07-02 10:08 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0AE71263-88B3-4D37-9C7D-C0FC1B1FC4B9}
2011-10-18 13:16 - 2011-10-18 13:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0B5A5CEB-9F36-4CEE-B0B7-2278D1CD416B}
2011-12-16 08:43 - 2011-12-16 08:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{17694828-0365-4695-AE08-08D098F41174}
2011-06-09 08:56 - 2011-06-09 08:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{189E3064-3E60-407D-B479-4EA6071C647E}
2012-01-11 12:36 - 2012-01-11 12:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1CC4BC34-506A-4F28-849E-9BB689FDD145}
2011-05-12 22:19 - 2011-05-12 22:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1D3488B1-AC49-4CE9-B01A-347A723C9E47}
2014-05-30 09:09 - 2014-05-30 09:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{23E58F2C-8DC4-4DE3-8FEF-766B1EEA544E}
2011-12-16 19:24 - 2011-12-16 19:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{28F4E85B-9194-4962-B72F-BDF01365858E}
2011-10-19 17:19 - 2011-10-19 17:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29037809-5BF9-45EB-A551-B4F9944569EC}
2011-06-16 22:36 - 2011-06-16 22:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29891808-A8FD-4F02-99A0-45E554B54B83}
2011-05-12 22:15 - 2011-05-12 22:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{2A589BD2-D8B8-4CE0-9AEC-9FD96C7E3A7C}
2011-11-10 16:20 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{33620E34-0CC5-45B2-972D-B205D971AEFF}
2012-01-26 22:26 - 2012-01-26 22:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{338C8C87-226E-42F5-97CC-CDDC0BD39DC5}
2011-10-22 17:29 - 2011-10-22 17:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{35741B3A-B90E-4C17-980D-693DDC6D92B2}
2015-04-17 09:45 - 2015-04-17 09:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{37601423-536C-48D0-BBDF-BB556A35E507}
2011-11-10 16:23 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{38CD506F-C922-4793-9DB1-A1F71DAE1C80}
2011-06-15 16:11 - 2011-06-15 16:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{3F1A741B-0E83-40B7-9293-F608619820F4}
2011-11-06 20:59 - 2011-11-06 20:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{41EB32F3-12BB-4F05-9EEA-C094A182864A}
2011-05-27 09:13 - 2011-05-27 09:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{451DD174-B044-4C44-BF45-A905F6CA4F5A}
2011-06-23 17:01 - 2011-06-23 17:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4A257FA5-1DDC-43F7-BC1C-0101E86330DF}
2012-01-20 22:04 - 2012-01-20 22:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4F835A43-90C0-45A9-A01D-30D12E39DA18}
2011-07-15 20:00 - 2011-07-15 20:00 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5266879B-59A6-4F0B-99B1-F32396F78B0B}
2011-07-07 15:25 - 2011-07-07 15:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{565FA85B-71E4-48E4-BC1B-B4D473C9583E}
2011-06-26 16:03 - 2011-06-26 16:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5DD604CF-949E-4EF9-AAE2-E98BF823D8DC}
2011-08-05 21:36 - 2011-08-05 21:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{618E2725-2A74-492B-AB68-9C9A7FBC60FA}
2014-09-17 11:32 - 2014-09-17 11:32 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{64A4A4AE-C52B-4208-9DC1-F3A515D33732}
2015-02-12 10:55 - 2015-02-12 10:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{6DA6D618-2D09-4E54-B6EA-D48FD2EE3E59}
2011-05-20 21:37 - 2011-05-20 21:37 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{71902AA3-3597-4958-BDBA-6C46016CED28}
2011-09-06 17:20 - 2011-09-06 17:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{724E8FC5-F413-4D0C-B0B8-8E9B13C5BE25}
2011-06-17 18:09 - 2011-06-17 18:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{77EFB568-7ED5-4EB2-8D60-8BC1540A9FF4}
2011-09-19 18:00 - 2011-09-19 18:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{79059305-E922-4911-B8D2-9135AFC051E0}
2012-01-06 19:58 - 2012-01-06 19:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7BD81CF8-BA1F-405F-A974-8E15A12D1560}
2011-12-16 19:26 - 2011-12-16 19:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7E6C24A7-A380-4862-909B-3C42CE67B411}
2011-07-17 08:29 - 2011-07-17 08:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7ECE3187-654D-4E3E-B1E1-FB987C5DC824}
2011-11-10 16:25 - 2011-11-10 16:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{80059459-AD63-4EF3-B458-80436D4A91C3}
2011-09-19 18:02 - 2011-09-19 18:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{801DF4EC-2545-48AD-9E6B-B9E5F525FB45}
2011-09-14 19:39 - 2011-09-14 19:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8433C909-3DE4-4FF7-BDB5-C71244205008}
2011-07-17 08:30 - 2011-07-17 08:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{875F79BE-EE0D-4267-8DE4-28ADBEDD6A58}
2011-07-30 09:29 - 2011-07-30 09:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{877CAC26-F3F4-4A4E-9FC9-D8B8DC3DC326}
2011-11-06 20:56 - 2011-11-06 20:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{89E76C26-CEDF-4184-82AE-3B1E5394A189}
2011-06-14 14:42 - 2011-06-14 14:42 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8ED483F8-95C4-449A-B875-08FBA12129FF}
2011-10-07 18:16 - 2011-10-07 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{91EFF962-614A-45F8-9B30-57FBF9D336C6}
2011-06-15 16:09 - 2011-06-15 16:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{94858006-C678-4BCF-B655-CC82F18CB6C1}
2011-10-30 15:06 - 2011-10-30 15:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{96A82280-66E2-438B-BA18-9357DF72FEDD}
2011-11-03 18:14 - 2011-11-03 18:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{97F44D2C-D6DE-4D4B-8FF6-9DA56B1FB7E5}
2011-06-08 12:25 - 2011-06-08 12:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A01F53D9-7AFF-4AA4-8C51-541D0653CD1E}
2011-06-09 08:58 - 2011-06-09 08:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A1C1B8D0-278C-4B74-92BE-77ABC7A2B36B}
2011-12-06 10:44 - 2011-12-06 10:44 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A31325A4-1936-4BBF-A614-C4901C6F3313}
2011-12-17 11:13 - 2011-12-17 11:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A34EC897-35C0-45AE-9061-6D13B9F064C5}
2011-11-15 15:53 - 2011-11-15 15:53 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A50C05E7-36C0-41CD-A151-312C267A8F93}
2011-10-02 22:06 - 2011-10-02 22:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A6546426-9765-47B3-A4B5-8833E3728509}
2011-11-03 18:16 - 2011-11-03 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A65891F9-D1DC-4710-A18B-59195499AD25}
2012-01-06 19:56 - 2012-01-06 19:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A7E6BDF8-283D-4421-AFB2-449C1D5038C4}
2012-02-01 09:28 - 2012-02-01 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AA7D708B-14B4-48CA-BB7B-EBC8D4578E6C}
2012-01-11 22:22 - 2012-01-11 22:22 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AAB15AF0-99F7-416A-A202-9B120F5AFC76}
2014-07-11 09:15 - 2014-07-11 09:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{ABEA0400-D334-4F95-BDB4-85D0FFE3916D}
2011-07-17 18:35 - 2011-07-17 18:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AC3DF61D-2DE3-41B9-B4A9-239938F825C7}
2011-07-06 09:24 - 2011-07-06 09:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{B2A65E21-ED83-41A4-BDF9-6898D2BD17C7}
2011-08-01 11:03 - 2011-08-01 11:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BC517638-F267-4F06-926C-C1BBB488A79F}
2011-06-19 13:12 - 2011-06-19 13:12 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BDA60C25-42C9-4EC4-9957-33B1206E85A2}
2011-11-09 22:01 - 2011-11-09 22:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{C102085D-C45E-4EA1-B94A-70AD439FE9EA}
2011-10-12 12:33 - 2011-10-12 12:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CDD78E85-8B3D-43A0-B667-60152FD93FA4}
2011-12-16 08:45 - 2011-12-16 08:45 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CEC7DA45-826C-4850-8A58-567EC29FC7D4}
2011-09-14 19:41 - 2011-09-14 19:41 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D161D418-F4E5-4391-A183-9A90BA48F3AD}
2011-06-24 12:21 - 2011-06-24 12:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D5119CE5-BDA0-4DDC-AAAF-21CCABC1C9DD}
2011-11-03 18:17 - 2011-11-03 18:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D82FFAB7-3D57-49A8-8D08-5AFE6035D856}
2012-01-09 11:33 - 2012-01-09 11:34 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DAB70909-1C31-4C50-BA6D-8A1DBC16C007}
2011-06-11 17:02 - 2011-06-11 17:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DB4E76D0-D1A0-4DED-9618-FBC8D03F53C2}
2011-06-10 18:00 - 2011-06-10 18:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DC29E31A-B235-4BC6-A04B-0D1810A2B392}
2011-09-19 18:06 - 2011-09-19 18:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DF19300C-A2C8-4C8B-AA5F-2FDEA33BA72A}
2011-10-10 22:01 - 2011-10-10 22:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E1D28314-940E-4F2E-950F-7B627D0F8245}
2011-06-23 16:59 - 2011-06-23 16:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E3048784-D47B-4F95-BCB2-17CAC094F43A}
2011-07-31 11:49 - 2011-07-31 11:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E467D0D2-A4F5-469E-A910-783FD1A073CE}
2011-12-04 16:38 - 2011-12-04 16:38 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E58633B9-ACF2-4DF5-B796-C6E479EF246D}
2011-10-14 16:21 - 2011-10-14 16:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{EAD67AE9-0963-41F1-B934-5FB345612BE3}
2011-09-16 10:57 - 2011-09-16 10:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F3CC78FF-402B-4FF3-A996-24ED5C370D3F}
2011-06-24 12:17 - 2011-06-24 12:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F5C3197E-C3C0-42C9-BE75-9A8896599CD3}
2011-12-17 11:16 - 2011-12-17 11:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{FB2FD8B0-9BAB-4F35-9EE2-00E8FC1372C6}

Dateien, die verschoben oder gelöscht werden sollten:
====================

C:\Users\Günter Meier\ger21008.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-23 13:45

==================== Ende vom FRST.txt ============================

Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Günter Meier (2015-10-23 14:51:45)
Gestartet von E:\winguenter\bin
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-10-24 08:10:48)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3597727890-3998022267-917300989-500 - Administrator - Disabled)
Gast (S-1-5-21-3597727890-3998022267-917300989-501 - Limited - Enabled)
Günter Meier (S-1-5-21-3597727890-3998022267-917300989-1000 - Administrator - Enabled) => C:\Users\Günter Meier
UpdatusUser (S-1-5-21-3597727890-3998022267-917300989-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}_Adobe Reader 9 - Deutsch) (Version: - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Browser 7 der Telekom 39.0.15 (x86 de) (HKLM\...\Browser 7 der Telekom 39.0.15 (x86 de)) (Version: 39.0.15 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM\...\Browser7MaintenanceService) (Version: 33.1.17 - Deutsche Telekom AG)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MG8200 series Benutzerregistrierung (HKLM\...\Canon MG8200 series Benutzerregistrierung) (Version: - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version: - )
Canon MG8200 series On-screen Manual (HKLM\...\Canon MG8200 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
CHIPDRIVE Smartcard Commander (HKLM\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version: - SCM Microsystems)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
Duden Korrektor (HKLM\...\InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor (Version: 5.00.1507.00 - Duden) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
GEAR 32bit Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{9509674F-3972-11DE-806D-005056806466}) (Version: 5.0.11733.9347 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Herrnhuter Losungen (HKLM\...\{2DEEC41F-02B0-4BC4-819A-2355E8B1C398}) (Version: 3.4.0 - Evang. Brüderunität Herrnhut)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
LightScribe 1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Bibel 12.07.02 (HKLM\...\OnlineBible) (Version: - )
Online Bibel 12.07.02 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\OnlineBible) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.30 (HKLM\...\{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}) (Version: 3.30.0 - dotPDN LLC)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SCR3xx USB Smart Card Reader (HKLM\...\{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}) (Version: 8.18.0001 - SCM Microsystems)
simfy (HKLM\...\Simfy) (Version: 1.4.8 - simfy GmbH)
simfy (Version: 1.4.8 - simfy GmbH) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney (Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM\...\{BEA4756B-BD9D-49AA-9260-C496B3D8F8E1}) (Version: 10 - Star Finanz GmbH)
StarMoney 6.0 S-Edition (HKLM\...\{60459C52-DCD5-408F-925E-4AD20D9DAFD8}) (Version: 6.0 - StarFinanz GmbH)
StarMoney 9.0 (HKLM\...\{172EC92E-003F-47B8-8E38-00A3FD455467}) (Version: - )
StarMoney 9.0 (HKLM\...\{2262CF96-D326-4926-885E-AA3B7E4E7368}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 3 (HKLM\...\TeamViewer 3) (Version: - TeamViewer GmbH)
TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC})
(Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2C9357FA-97F8-4213-B712-A4CCF03AE379}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\AlexaWebSearch.dll (Bitmanagement)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{44EA0FF7-08B7-4B7F-A594-F7F94A2B60F7}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\GoogleSearch.dll (SpaceTime)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5D052CD7-6CAE-463C-99FF-0159EABFE66E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\SpaceTime3D.ocx (SpaceTime 3D, Inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9919BE4D-9E6F-4732-9E4E-5F83ABB62FEB}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\wavdest.ax ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B3C985DA-45C2-417D-B11B-6E6484A725F1}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\RSSSearch.dll (SpaceTime3D inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{BF9A5794-8AF5-46FA-8865-EAF65CD654A8}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CB27DAA3-E581-4777-A725-F32B47EDBDCF}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D6F407CF-E8AE-469D-9FC7-1DECAEDAAD9A}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\earthps.dll ()

==================== Wiederherstellungspunkte =========================

08-10-2015 19:32:53 Windows Update
12-10-2015 17:32:09 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:33:54 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:35:46 Removed Adobe Reader XI (11.0.11) - Deutsch.
13-10-2015 14:07:29 Windows Update
13-10-2015 17:15:19 Removed simfy
14-10-2015 13:12:23 Wiederherstellungsvorgang
14-10-2015 13:30:34 Removed simfy
14-10-2015 14:16:04 Windows Update
14-10-2015 18:52:43 Windows Update
15-10-2015 17:56:52 Windows Update
17-10-2015 14:04:53 Wiederherstellungsvorgang
17-10-2015 16:24:23 Windows Update
23-10-2015 14:36:49 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 12:23 - 2015-10-22 12:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00D58F06-E0E1-4A74-9DCC-17ED108F0BEB} - System32\Tasks\{47C57D00-1548-4256-9285-CBEED6687977} => pcalua.exe -a H:\setup.exe -d H:\ -c autorun
Task: {0588BB0D-C82E-4CC1-92A1-4224DA648CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0E9F0C20-BCE3-499C-A966-F734C28C163E} - System32\Tasks\{8FE32562-C235-4FAB-9A6D-03D63CA7D940} => pcalua.exe -a C:\Windows\System32\config\systemprofile\Downloads\browser7_setup(1).exe -d C:\Windows\System32\config\systemprofile\Downloads
Task: {1104AA23-EFC9-449A-80B1-8D2AC7522A6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {14E7FE71-8001-4321-89D5-08F1290FB27F} - System32\Tasks\{CE475AAD-AFC9-42A3-9D97-A57126633DF0} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\aomwin200ea24.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F743136-E9A5-4E4F-93EA-600712E0DC7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {220210B8-C66A-44C3-9E69-2CC5ADC162CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2D80F328-4163-4F70-8A20-E3DA5EE5DC86} - System32\Tasks\{6B8F0279-9C50-4EDB-BFC5-881052B5558C} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {38E40A51-8080-4086-82A7-ADE3C56521D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3FD8EA5F-ED3E-4A8E-A9E8-17FED68D3BCF} - System32\Tasks\{D6456F15-B695-4531-A08C-703557131E8B} => pcalua.exe -a D:\smoney_m_18_0_01234567_0000011022_j_.exe -d D:\
Task: {4BA14185-3A0A-425D-B5F8-F67D75F2F8F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {4C2F9702-1EE5-473A-A1D7-6E20635A84B8} - System32\Tasks\{515B8E38-020F-42EF-BBA0-FF5772AA7ACE} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {4E109E6D-3616-4CCD-BE29-95646479A919} - System32\Tasks\{151811DA-8574-4F07-B4E3-BC0CC70C5210} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5DCBDA99-E748-4AB4-BEE6-ACD450989D75} - System32\Tasks\{D5DC5CA7-AF3F-444F-8CAE-BF2020269A3A} => pcalua.exe -a "C:\Program Files\Bible\OlbDel.Exe" -c "Online Bibel" "Online Bibel" "C:\Users\Günter Meier\Documents\Bible\" "C:\Users\Public\Documents\Online Bible\"
Task: {5E2CC2C0-064B-4059-B917-4D504F3AACD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63AE1EE3-64C8-48DE-9C54-45711309E921} - System32\Tasks\{9C90A1E7-FADF-400F-B72A-CBE75816D972} => pcalua.exe -a "C:\bibel digital\mfbo2a32.exe" -d C:\Windows\system32\config\systemprofile\Desktop
Task: {75D3157F-439F-4E84-924A-FA650AB4F69A} - System32\Tasks\{A7B6B988-1FC5-42A4-BD45-CD7EE5F1C1DA} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {848A33C2-A5F0-497A-B08C-EAC01706C1E8} - System32\Tasks\{A2D23527-3082-44BC-8390-0526D67B3D46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {8B815B25-1B02-4957-A89E-2A3E1321533E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8E3BF495-571E-40DD-B913-C302BD618019} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {911023DE-5FF7-409F-A38A-476275210A5B} - System32\Tasks\{F5595CA3-EF8C-4FF9-9CC8-3F5BFDE3A806} => pcalua.exe -a I:\InstallTomTomHOME.exe -d I:\
Task: {96EDA8E3-5C17-4AF4-9537-3FF2530B08E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A61C90FA-B985-462E-A804-70558A90C134} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Günter Meier => C:\Program Files\Windows Calendar\WinCal.exe
Task: {A64AE6AE-1A92-403B-8196-EE4C17077740} - System32\Tasks\{88B1E977-17F5-4EAF-BA92-03B89D785644} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {CB0E91C7-DAEF-4541-8AF5-29BAFA96EBFD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {D2AE73FE-E2C5-431A-918B-F03363307423} - System32\Tasks\{A37709E2-5C8D-4187-ACBD-0664905177B7} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02\_ISDel.exe" -d "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02"
Task: {D57B9C09-4511-4F89-93BE-71AF5F9DCACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DBCEE112-EA9A-4F16-9C36-EE9EF50D3571} - System32\Tasks\{6EA55286-8D0E-467A-9FB0-F5B315B5ABA8} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\wmp11-windowsxp-x86-DE-DE.exe" -d "C:\Users\Günter Meier\Downloads"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED4CB7E8-51FB-4A5C-B797-622CD46DAF23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FBB31E70-84F8-4478-8FCA-7B0A64BD4336} - System32\Tasks\{B09EF877-27B6-4235-882D-C184CF3EF917} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\GER_R_FUL_AV.exe" -d "C:\Users\Günter Meier\Downloads"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-05-04 13:10 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-20 05:42 - 2015-02-20 05:42 - 00317560 ____N () C:\Program Files\Common Files\G DATA\AVKProxy\PktIcpt2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Günter Meier\Documents\Fotovorlagen:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> amazon.de
IE trusted site: HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\amazon.de -> amazon.de

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{DB1B0F8C-F8B0-4EDB-8050-9903D99C271E}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [TCP Query User{D2ED50E5-ECBA-4948-A737-CD574422ED83}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [UDP Query User{BC1B4E24-7EBD-4EC5-8594-55F8ACBD8274}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{040CD7D5-ECE8-49EE-8A50-977C4F681C43}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D6F4D7DB-4845-47F1-8E55-8DA46042BA13}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{C87F02C0-6E69-4D92-8920-9E65E63E4FAD}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{C7D6D316-A356-4310-AD6B-4981B9F8B777}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{DE344125-C3EF-4BAD-B2DA-A1599E5EB1BB}] => (Allow) svchost.exe
FirewallRules: [{A50D645D-011F-492D-BF38-EB7A6863AAFC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [UDP Query User{B8EF7B60-2422-4342-975E-B6A2067C6871}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [TCP Query User{ADEC9F8E-8625-48A4-8A60-2D04234396AE}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [{4FDB4FE1-D932-4439-B87F-6A438835C552}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1405F477-C137-4B8B-BACB-752782BF0BC4}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6E52F4DD-1DB8-41B7-9EF9-C1720B1071EB}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{F450EACA-F7F1-4C16-A862-CF5650E61586}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{61D8180E-69E0-44D0-9825-CC55CF9E77C6}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4A8ADBAB-8CB2-412F-9430-A58A7062D98A}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7ED9393A-D714-4C67-9066-BF5760279FD2}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{2B44D336-9058-41C8-A627-DC2FDDC1806E}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{80368D74-E7DB-4F7D-9F02-FE106A76A00C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A79CA6CC-A682-419D-89DB-DAFEC93D724D}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{FA0986BF-4915-4DED-8AA2-F7586A6F7D5F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B17CA17F-6034-4B49-8DB8-0FEADF7E93F0}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{AF7D77F4-EE2A-42EB-8D13-DE4BAA176B5C}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{8839229D-A821-4495-B79D-C6C553E3B29B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{AD490351-CD10-40EA-BEDE-0B79B2C331DC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1D8D05B8-D46B-4950-A9EA-85D92F3AC71E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{426AFD31-A30C-4BF1-9A5A-F7DBC1566220}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5CC9264A-17A9-4A6D-9838-E6D64973F460}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA888CC4-0283-403E-AE44-9D88A46A0B0F}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{BCB71965-94DE-47A3-A9D1-C5C6D2D725D6}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1861CF61-4EE2-419C-A3AC-45A526472F52}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{9B399FA5-CE50-4C73-9E33-32D5720D2CC2}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{44117AEF-EC60-4924-8622-141C42DBFD8C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1B8582D3-9153-4A84-81D8-2E2FA904916A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6DC934A1-CABE-47C3-BBDB-E667D26D3764}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C5467E3-0AB4-4B05-BFC8-814A14D88C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E237F61-D6B4-483C-8DC3-5C4AAAC08574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{113776B5-2BE7-429B-81AD-DFA7850A78F3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{45F2DD33-BBFF-4866-B9F7-8717AF298B0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7936D596-1165-4FC0-9D83-E8E564CCA25E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE1557E-0267-4A9F-A333-F610BFFFF2BF}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{B72C2DE3-F7AA-4039-AEA3-8BB23726543C}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{0499696A-7CFA-4E00-828B-6676988C9DDB}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{CA378E91-2269-4F8E-BACA-3192532B1733}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4E1E623C-3507-4E41-9191-EF317A05B33E}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{1C0E5D20-0F39-4ED0-9D73-DF44A2AFC3A5}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{D998154B-4F5B-4463-BCAC-F41B4C4A1B74}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{5F41C9C5-062A-4596-97B6-DFBBC6F0DC27}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{7D72ECE0-A4AC-4AFD-ADFA-3227298E9BC1}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{603A4EB2-8FEA-47A0-BEBD-5A84320106B6}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{BD375068-A645-4810-A32E-ABD60014A60E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{9FEE394B-0061-4D96-A2E2-76639C645CA1}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{5DE97CF7-47B0-481A-97A9-687C8F0A499E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{1414BB0A-2983-49C1-9CA9-D75704B9C143}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{7370E5AC-5D97-4D83-B08C-5670587B2597}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{88FA3FBE-7657-42DB-82D2-DED836237376}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{782E3989-2D24-41B6-BB25-C48C3B5A2CC2}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{61AEEFA5-E66E-410B-8EB3-C8D9EC32B8B4}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{9FD6D478-AA5F-4ACD-80D1-AEA25B738887}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{72A6D150-1990-4F46-A338-7AA7CC7D3EDC}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{E8ABAB9E-FE3C-41CF-9CEA-4ADBF486523C}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/22/2015 11:57:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x800706be).

Error: (10/18/2015 06:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Browser7.exe, Version: 39.0.3.5700, Zeitstempel: 0x55c88cd2
Name des fehlerhaften Moduls: xul.dll, Version: 39.0.3.5700, Zeitstempel: 0x55c88e9c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b1ba22
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xBrowser7.exe0
Pfad der fehlerhaften Anwendung: Browser7.exe1
Pfad des fehlerhaften Moduls: Browser7.exe2
Berichtskennung: Browser7.exe3

Error: (10/17/2015 05:32:25 PM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: Can not connect to Process Manager (0)

Error: (10/17/2015 03:47:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6500}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Systemfehler:
=============
Error: (10/23/2015 02:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

Error: (10/23/2015 02:48:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 10 OnlineUpdate erreicht.

Error: (10/23/2015 02:40:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (10/23/2015 02:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2015 02:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RealNetworks Downloader Resolver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:34:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 2046.49 MB
Verfügbarer physikalischer RAM: 878.01 MB
Summe virtueller Speicher: 4092.98 MB
Verfügbarer virtueller Speicher: 2671.92 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.79 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (KINGSTON) (Removable) (Total:58.58 GB) (Free:58.19 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7AFE7AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 58.6 GB) (Disk ID: C9D93779)
Partition 1: (Active) - (Size=58.6 GB) - (Type=0C)

==================== Ende vom Addition.txt ============================

Regards, Tom
24.10.2015, 17:34 | #10 |
/// the machine /// TB-Ausbilder
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
25.10.2015, 16:26 | #11 |
ESET Log: Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3adff8bf93085c4db9914926dfae73c4
# end=init
# utc_time=2015-10-25 08:53:34
# local_time=2015-10-25 09:53:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26399
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3adff8bf93085c4db9914926dfae73c4
# end=updated
# utc_time=2015-10-25 08:56:45
# local_time=2015-10-25 09:56:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3adff8bf93085c4db9914926dfae73c4
# engine=26399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-25 12:02:18
# local_time=2015-10-25 01:02:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='G DATA INTERNET SECURITY'
# compatibility_mode=4112 16777213 100 100 15790 21376810 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 174938 197405729 0 0
# scanned=263305
# found=14
# cleaned=0
# scan_time=11132
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\config\systemprofile\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\config\systemprofile\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=90F3018479A7D53FBD252C5910FB7C1C55F6844A ft=1 fh=b6a7e643392b01bc vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe"
sh=99FEB67B41F04041C2DD5897142C7E07C0A7D630 ft=1 fh=c125cbaeea0673e9 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe"
sh=92B466674B4B39B478774A7F8EC2C19BA57B8DA2 ft=1 fh=9581fee5c122095a vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe"
sh=2F5CC49C2D4FFA2C589CE9008CFDA9176346B041 ft=1 fh=c4cf5f621356b736 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe"
sh=83D1E9F467FA784A84602885E8F490F1F2550EB8 ft=1 fh=e1e128c783531a5d vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe"
sh=94069234AD87CF1A10B2E64FB3768AD63D9E6589 ft=1 fh=1ebfba59104772d6 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe"
sh=80088700F9C897E1A39460D96550E514A7AB65B8 ft=1 fh=d83c62338b5c5957 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe"
sh=DF5AFCFA723A9EFCB09246976FCB221F7602C997 ft=1 fh=c71c0011d7b6ffae vn="Win32/Toolbar.MyWebSearch.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll"
sh=DF5AFCFA723A9EFCB09246976FCB221F7602C997 ft=1 fh=c71c0011d7b6ffae vn="Win32/Toolbar.MyWebSearch.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll"
sh=A53D469C3534BCA8CC5CFF8A1D555D500E4043F5 ft=1 fh=3f3049abd7258b60 vn="NSIS/StartPage.CB Trojaner" ac=I fn="C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe"
sh=A53D469C3534BCA8CC5CFF8A1D555D500E4043F5 ft=1 fh=3f3049abd7258b60 vn="NSIS/StartPage.CB Trojaner" ac=I fn="C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe"
sh=1A5A883A8A6169B8FBF4EA56A53F545F9B6250D8 ft=1 fh=b961cb9440afcf45 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe"

Code:
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
G DATA INTERNET SECURITY
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 26
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.190 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Google Chrome (45.0.2454.85)
Google Chrome (46.0.2490.80)
````````Process Check: objlist.exe by Laurent````````
G DATA InternetSecurity Firewall GDFirewallTray.exe
G DATA InternetSecurity Firewall GDFwSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-14 13:00 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-14 13:00 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-14 13:00 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-10-14 13:00 - 2015-09-16 04:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-10-14 13:00 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 13:00 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-10-14 13:00 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-14 13:00 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-10-14 13:00 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-14 13:00 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 13:00 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-10-14 13:00 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-10-14 13:00 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 13:00 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-10-14 13:00 - 2015-09-16 04:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-10-14 13:00 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 13:00 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-10-14 13:00 - 2015-09-16 04:18 - 00667648 _____ (Microsoft 
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-10-14 13:00 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 13:00 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-10-14 13:00 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-10-14 13:00 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 13:00 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 13:00 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 13:00 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-10-14 13:00 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 13:00 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-14 13:00 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 13:00 - 2015-09-16 03:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 13:00 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 13:00 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-10-14 13:00 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 13:00 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 13:00 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-14 12:57 - 2015-10-01 18:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-14 12:57 - 2015-10-01 18:50 - 
00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-14 12:57 - 2015-10-01 18:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-14 12:57 - 2015-10-01 18:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-14 12:57 - 2015-10-01 18:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-14 12:57 - 2015-10-01 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-14 12:57 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-10-14 12:57 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-10-14 12:57 - 2015-09-29 04:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-10-14 12:57 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-10-14 12:57 - 2015-09-29 03:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-10-14 12:57 - 2015-09-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-10-14 12:57 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-10-14 12:57 - 2015-09-29 03:58 - 00038912 _____ 
(Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-10-14 12:57 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-10-14 12:57 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-10-14 12:57 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-10-14 12:57 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-10-14 12:57 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-10-14 12:57 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-10-14 12:57 - 2015-09-29 02:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-10-14 12:57 - 2015-09-29 02:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-10-14 12:57 - 2015-09-29 02:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-10-14 12:57 - 2015-09-15 18:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-10-14 12:57 - 2015-09-15 18:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-10-14 12:57 - 2015-09-15 18:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-10-14 12:57 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-10-14 12:57 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-10-14 12:57 - 2015-09-15 18:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-10-14 12:57 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-10-14 12:57 - 2015-09-15 18:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-10-14 12:57 - 2015-09-15 18:35 - 
00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-10-14 12:56 - 2015-09-25 18:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-14 12:56 - 2015-09-25 18:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-14 12:56 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-14 12:56 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-14 12:56 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-14 12:56 - 2015-09-25 18:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-10-14 12:56 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-10-14 12:56 - 2015-09-25 18:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-14 12:56 - 2015-09-25 18:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-10-14 12:56 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-14 12:56 - 2015-09-25 18:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-10-14 12:56 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-14 12:56 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-13 15:55 - 2015-10-13 15:54 - 00524288 _____ (Simon Tatham) C:\Windows\putty.exe 2015-10-13 13:09 - 2015-10-13 13:09 - 00000000 ____D C:\Users\G�nter Meier 2015-10-12 17:09 - 2015-10-12 17:09 - 00000000 ____D C:\ProgramData\McAfee 2015-10-12 17:08 - 2015-10-25 09:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-10-12 17:08 - 2015-10-23 12:13 - 00002011 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-10-12 15:11 - 2015-10-12 15:11 - 
28565300 _____ C:\Users\Günter Meier\Downloads\AdbeRdr920_de_DE.rar 2015-10-06 21:38 - 2015-10-23 13:33 - 00018582 _____ C:\Windows\PFRO.log 2015-09-25 20:58 - 2015-10-25 09:38 - 00848387 _____ C:\Windows\setupact.log 2015-09-25 20:58 - 2015-09-25 20:58 - 00000000 _____ C:\Windows\setuperr.log ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-25 13:26 - 2014-04-08 07:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-25 13:17 - 2009-10-23 23:12 - 01753271 _____ C:\Windows\WindowsUpdate.log 2015-10-25 13:00 - 2011-03-27 16:46 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-25 10:13 - 2011-03-27 16:46 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-25 10:00 - 2011-03-27 16:46 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-25 09:56 - 2009-10-23 22:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-25 09:56 - 2009-10-23 22:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-25 09:49 - 2009-10-23 23:23 - 01648344 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-25 09:38 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-23 13:31 - 2015-08-10 12:31 - 00000000 ____D C:\Program Files\Amazon 2015-10-23 12:53 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2015-10-23 12:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\IME 2015-10-23 12:13 - 2015-07-08 14:57 - 00002139 _____ C:\Users\Public\Desktop\simplitec Power Suite.lnk 2015-10-23 12:13 - 2015-06-12 17:57 - 00002102 _____ C:\Users\Public\Desktop\StarMoney 10.lnk 2015-10-23 12:13 - 2015-05-24 10:19 - 00001428 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2015-10-23 12:13 - 2015-04-23 14:15 - 00001489 _____ 
C:\Users\Public\Desktop\bibel digital.lnk 2015-10-23 12:13 - 2015-01-06 14:53 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herrnhuter Losungen.lnk 2015-10-23 12:13 - 2015-01-06 14:53 - 00002054 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk 2015-10-23 12:13 - 2014-10-10 20:40 - 00001930 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2015-10-23 12:13 - 2013-12-23 13:08 - 00001064 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2015-10-23 12:13 - 2013-12-22 19:06 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk 2015-10-23 12:13 - 2013-12-19 13:09 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk 2015-10-23 12:13 - 2013-03-15 16:02 - 00002136 _____ C:\Users\Public\Desktop\Canon MG8200 series Online-Handbuch.lnk 2015-10-23 12:13 - 2009-10-23 22:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-10-23 12:13 - 2009-10-23 22:34 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-10-23 12:13 - 2009-07-14 05:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-10-23 12:13 - 2009-07-14 05:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-10-23 12:13 - 2009-07-14 05:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-10-23 12:13 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-10-23 12:13 - 2008-04-11 21:13 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2015-10-23 12:13 - 2008-04-11 21:13 - 00000984 _____ C:\Users\Public\Desktop\Paint.NET.lnk 2015-10-23 12:13 - 2008-03-06 11:56 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk 2015-10-23 12:13 - 2008-03-06 11:52 - 00001076 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk 2015-10-23 12:13 - 2008-01-17 13:01 - 00001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk 2015-10-23 12:13 - 2007-12-08 14:48 - 00000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk 2015-10-23 12:12 - 2009-07-14 05:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-10-23 12:12 - 2009-07-14 05:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-10-23 12:11 - 2015-09-04 17:10 - 00002278 _____ C:\Users\Günter Meier\Desktop\Kindle.lnk 2015-10-23 12:11 - 2015-07-08 17:56 - 00001970 _____ C:\Users\Günter Meier\Desktop\IrfanView Thumbnails.lnk 2015-10-23 12:11 - 2011-04-12 16:01 - 00001124 _____ C:\Users\Günter Meier\Desktop\Smartcard Commander.lnk 2015-10-23 12:11 - 2009-10-24 09:11 - 00001409 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-10-23 12:11 - 2009-08-11 09:57 - 00002174 _____ C:\Users\Günter Meier\Desktop\Google Earth.lnk 2015-10-23 12:11 - 2009-04-12 15:50 - 00000731 _____ C:\Users\Günter Meier\Desktop\Download -.lnk 2015-10-23 12:11 - 2009-01-01 13:15 - 00001086 _____ C:\Users\Günter Meier\Desktop\IrfanView.lnk 2015-10-23 12:11 - 2008-07-17 08:36 - 00000240 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Window Switcher.lnk 2015-10-23 12:11 - 2007-11-23 12:33 - 00002346 _____ C:\Users\Günter Meier\Desktop\Nero Burning ROM.lnk 2015-10-22 11:28 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default 2015-10-22 11:28 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public 2015-10-22 11:28 - 2006-11-02 14:03 - 00000000 ____D C:\Users\Administrator 2015-10-22 11:19 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2015-10-22 11:17 - 2009-07-14 03:03 - 76546048 _____ C:\Windows\system32\config\software.bak 2015-10-22 11:17 - 2009-07-14 03:03 - 
23330816 _____ C:\Windows\system32\config\system.bak 2015-10-22 11:17 - 2009-07-14 03:03 - 00524288 _____ C:\Windows\system32\config\default.bak 2015-10-22 11:17 - 2009-07-14 03:03 - 00057344 _____ C:\Windows\system32\config\sam.bak 2015-10-22 11:17 - 2009-07-14 03:03 - 00024576 _____ C:\Windows\system32\config\security.bak 2015-10-22 10:38 - 2015-06-12 17:54 - 00000000 ____D C:\Program Files\StarMoney 10 2015-10-20 15:15 - 2009-10-23 22:35 - 00000000 ____D C:\Users\Günter Meier 2015-10-20 15:10 - 2011-02-28 18:30 - 00000000 ____D C:\Temp 2015-10-18 08:49 - 2014-08-09 11:34 - 00000000 ____D C:\Program Files\StarMoney 9.0 2015-10-17 15:25 - 2014-12-12 09:32 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-17 15:25 - 2014-05-06 16:55 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-17 13:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp 2015-10-17 13:10 - 2015-04-05 21:09 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-17 13:10 - 2014-11-12 16:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-10-17 13:10 - 2011-07-05 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy 2015-10-17 13:10 - 2011-03-27 16:48 - 00000000 ____D C:\ProgramData\Real 2015-10-17 13:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration 2015-10-17 13:09 - 2009-11-07 20:52 - 00000000 ___RD C:\MSOCache 2015-10-15 08:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2015-10-14 18:10 - 2007-09-17 12:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-10-14 18:09 - 2013-08-02 20:57 - 00000000 ____D C:\Windows\system32\MRT 2015-10-14 18:01 - 2009-11-11 19:46 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-14 18:00 - 2006-11-02 11:23 - 00000219 _____ C:\Windows\win.ini 2015-10-13 15:50 - 2008-08-04 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 2015-10-12 17:07 - 2007-09-17 12:17 - 00000000 ____D 
C:\Program Files\Common Files\Adobe 2015-10-12 17:07 - 2007-09-17 12:17 - 00000000 ____D C:\Program Files\Adobe 2015-10-12 16:36 - 2007-09-17 12:17 - 00000000 ____D C:\ProgramData\Adobe 2015-10-07 20:17 - 2015-07-13 21:31 - 00000000 ____D C:\Users\Günter Meier\Documents\Bible ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-08 11:06 - 2015-07-09 08:31 - 0000053 _____ () C:\Users\Günter Meier\AppData\Roaming\LogFile.txt 2007-11-23 09:39 - 2009-01-08 18:29 - 0024206 _____ () C:\Users\Günter Meier\AppData\Roaming\UserTile.png 2015-02-12 09:59 - 2015-02-12 09:59 - 0000000 ____H () C:\Users\Günter Meier\AppData\Local\BITD367.tmp 2009-10-24 10:19 - 2015-10-25 09:47 - 0007598 _____ () C:\Users\Günter Meier\AppData\Local\Resmon.ResmonCfg 2011-12-23 20:57 - 2011-12-23 20:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{05CAAA34-0796-4266-BD12-2057BBECAF0B} 2011-07-30 08:28 - 2011-07-30 08:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0766507E-53D7-44AF-A88E-C7EAEF153760} 2011-07-02 09:03 - 2011-07-02 09:08 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0AE71263-88B3-4D37-9C7D-C0FC1B1FC4B9} 2011-10-18 12:16 - 2011-10-18 12:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0B5A5CEB-9F36-4CEE-B0B7-2278D1CD416B} 2011-12-16 07:43 - 2011-12-16 07:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{17694828-0365-4695-AE08-08D098F41174} 2011-06-09 07:56 - 2011-06-09 07:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{189E3064-3E60-407D-B479-4EA6071C647E} 2012-01-11 11:36 - 2012-01-11 11:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1CC4BC34-506A-4F28-849E-9BB689FDD145} 2011-05-12 21:19 - 2011-05-12 21:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1D3488B1-AC49-4CE9-B01A-347A723C9E47} 2014-05-30 08:09 - 2014-05-30 08:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{23E58F2C-8DC4-4DE3-8FEF-766B1EEA544E} 2011-12-16 18:24 - 2011-12-16 18:24 - 0000000 
_____ () C:\Users\Günter Meier\AppData\Local\{28F4E85B-9194-4962-B72F-BDF01365858E} 2011-10-19 16:19 - 2011-10-19 16:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29037809-5BF9-45EB-A551-B4F9944569EC} 2011-06-16 21:36 - 2011-06-16 21:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29891808-A8FD-4F02-99A0-45E554B54B83} 2011-05-12 21:15 - 2011-05-12 21:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{2A589BD2-D8B8-4CE0-9AEC-9FD96C7E3A7C} 2011-11-10 15:20 - 2011-11-10 15:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{33620E34-0CC5-45B2-972D-B205D971AEFF} 2012-01-26 21:26 - 2012-01-26 21:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{338C8C87-226E-42F5-97CC-CDDC0BD39DC5} 2011-10-22 16:29 - 2011-10-22 16:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{35741B3A-B90E-4C17-980D-693DDC6D92B2} 2015-04-17 08:45 - 2015-04-17 08:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{37601423-536C-48D0-BBDF-BB556A35E507} 2011-11-10 15:23 - 2011-11-10 15:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{38CD506F-C922-4793-9DB1-A1F71DAE1C80} 2011-06-15 15:11 - 2011-06-15 15:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{3F1A741B-0E83-40B7-9293-F608619820F4} 2011-11-06 19:59 - 2011-11-06 19:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{41EB32F3-12BB-4F05-9EEA-C094A182864A} 2011-05-27 08:13 - 2011-05-27 08:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{451DD174-B044-4C44-BF45-A905F6CA4F5A} 2011-06-23 16:01 - 2011-06-23 16:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4A257FA5-1DDC-43F7-BC1C-0101E86330DF} 2012-01-20 21:04 - 2012-01-20 21:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4F835A43-90C0-45A9-A01D-30D12E39DA18} 2011-07-15 19:00 - 2011-07-15 19:00 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5266879B-59A6-4F0B-99B1-F32396F78B0B} 2011-07-07 14:25 - 2011-07-07 14:25 - 0000000 _____ () C:\Users\Günter 
Meier\AppData\Local\{565FA85B-71E4-48E4-BC1B-B4D473C9583E} 2011-06-26 15:03 - 2011-06-26 15:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5DD604CF-949E-4EF9-AAE2-E98BF823D8DC} 2011-08-05 20:36 - 2011-08-05 20:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{618E2725-2A74-492B-AB68-9C9A7FBC60FA} 2014-09-17 10:32 - 2014-09-17 10:32 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{64A4A4AE-C52B-4208-9DC1-F3A515D33732} 2015-02-12 09:55 - 2015-02-12 09:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{6DA6D618-2D09-4E54-B6EA-D48FD2EE3E59} 2011-05-20 20:37 - 2011-05-20 20:37 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{71902AA3-3597-4958-BDBA-6C46016CED28} 2011-09-06 16:20 - 2011-09-06 16:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{724E8FC5-F413-4D0C-B0B8-8E9B13C5BE25} 2011-06-17 17:09 - 2011-06-17 17:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{77EFB568-7ED5-4EB2-8D60-8BC1540A9FF4} 2011-09-19 17:00 - 2011-09-19 17:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{79059305-E922-4911-B8D2-9135AFC051E0} 2012-01-06 18:58 - 2012-01-06 18:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7BD81CF8-BA1F-405F-A974-8E15A12D1560} 2011-12-16 18:26 - 2011-12-16 18:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7E6C24A7-A380-4862-909B-3C42CE67B411} 2011-07-17 07:29 - 2011-07-17 07:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7ECE3187-654D-4E3E-B1E1-FB987C5DC824} 2011-11-10 15:25 - 2011-11-10 15:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{80059459-AD63-4EF3-B458-80436D4A91C3} 2011-09-19 17:02 - 2011-09-19 17:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{801DF4EC-2545-48AD-9E6B-B9E5F525FB45} 2011-09-14 18:39 - 2011-09-14 18:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8433C909-3DE4-4FF7-BDB5-C71244205008} 2011-07-17 07:30 - 2011-07-17 07:35 - 0000000 _____ () C:\Users\Günter 
Meier\AppData\Local\{875F79BE-EE0D-4267-8DE4-28ADBEDD6A58} 2011-07-30 08:29 - 2011-07-30 08:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{877CAC26-F3F4-4A4E-9FC9-D8B8DC3DC326} 2011-11-06 19:56 - 2011-11-06 19:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{89E76C26-CEDF-4184-82AE-3B1E5394A189} 2011-06-14 13:42 - 2011-06-14 13:42 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8ED483F8-95C4-449A-B875-08FBA12129FF} 2011-10-07 17:16 - 2011-10-07 17:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{91EFF962-614A-45F8-9B30-57FBF9D336C6} 2011-06-15 15:09 - 2011-06-15 15:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{94858006-C678-4BCF-B655-CC82F18CB6C1} 2011-10-30 14:06 - 2011-10-30 14:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{96A82280-66E2-438B-BA18-9357DF72FEDD} 2011-11-03 17:14 - 2011-11-03 17:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{97F44D2C-D6DE-4D4B-8FF6-9DA56B1FB7E5} 2011-06-08 11:25 - 2011-06-08 11:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A01F53D9-7AFF-4AA4-8C51-541D0653CD1E} 2011-06-09 07:58 - 2011-06-09 07:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A1C1B8D0-278C-4B74-92BE-77ABC7A2B36B} 2011-12-06 09:44 - 2011-12-06 09:44 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A31325A4-1936-4BBF-A614-C4901C6F3313} 2011-12-17 10:13 - 2011-12-17 10:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A34EC897-35C0-45AE-9061-6D13B9F064C5} 2011-11-15 14:53 - 2011-11-15 14:53 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A50C05E7-36C0-41CD-A151-312C267A8F93} 2011-10-02 21:06 - 2011-10-02 21:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A6546426-9765-47B3-A4B5-8833E3728509} 2011-11-03 17:16 - 2011-11-03 17:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A65891F9-D1DC-4710-A18B-59195499AD25} 2012-01-06 18:56 - 2012-01-06 18:56 - 0000000 _____ () C:\Users\Günter 
Meier\AppData\Local\{A7E6BDF8-283D-4421-AFB2-449C1D5038C4} 2012-02-01 08:28 - 2012-02-01 08:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AA7D708B-14B4-48CA-BB7B-EBC8D4578E6C} 2012-01-11 21:22 - 2012-01-11 21:22 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AAB15AF0-99F7-416A-A202-9B120F5AFC76} 2014-07-11 08:15 - 2014-07-11 08:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{ABEA0400-D334-4F95-BDB4-85D0FFE3916D} 2011-07-17 17:35 - 2011-07-17 17:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AC3DF61D-2DE3-41B9-B4A9-239938F825C7} 2011-07-06 08:24 - 2011-07-06 08:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{B2A65E21-ED83-41A4-BDF9-6898D2BD17C7} 2011-08-01 10:03 - 2011-08-01 10:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BC517638-F267-4F06-926C-C1BBB488A79F} 2011-06-19 12:12 - 2011-06-19 12:12 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BDA60C25-42C9-4EC4-9957-33B1206E85A2} 2011-11-09 21:01 - 2011-11-09 21:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{C102085D-C45E-4EA1-B94A-70AD439FE9EA} 2011-10-12 11:33 - 2011-10-12 11:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CDD78E85-8B3D-43A0-B667-60152FD93FA4} 2011-12-16 07:45 - 2011-12-16 07:45 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CEC7DA45-826C-4850-8A58-567EC29FC7D4} 2011-09-14 18:41 - 2011-09-14 18:41 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D161D418-F4E5-4391-A183-9A90BA48F3AD} 2011-06-24 11:21 - 2011-06-24 11:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D5119CE5-BDA0-4DDC-AAAF-21CCABC1C9DD} 2011-11-03 17:17 - 2011-11-03 17:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D82FFAB7-3D57-49A8-8D08-5AFE6035D856} 2012-01-09 10:33 - 2012-01-09 10:34 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DAB70909-1C31-4C50-BA6D-8A1DBC16C007} 2011-06-11 16:02 - 2011-06-11 16:02 - 0000000 _____ () C:\Users\Günter 
Meier\AppData\Local\{DB4E76D0-D1A0-4DED-9618-FBC8D03F53C2} 2011-06-10 17:00 - 2011-06-10 17:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DC29E31A-B235-4BC6-A04B-0D1810A2B392} 2011-09-19 17:06 - 2011-09-19 17:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DF19300C-A2C8-4C8B-AA5F-2FDEA33BA72A} 2011-10-10 21:01 - 2011-10-10 21:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E1D28314-940E-4F2E-950F-7B627D0F8245} 2011-06-23 15:59 - 2011-06-23 15:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E3048784-D47B-4F95-BCB2-17CAC094F43A} 2011-07-31 10:49 - 2011-07-31 10:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E467D0D2-A4F5-469E-A910-783FD1A073CE} 2011-12-04 15:38 - 2011-12-04 15:38 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E58633B9-ACF2-4DF5-B796-C6E479EF246D} 2011-10-14 15:21 - 2011-10-14 15:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{EAD67AE9-0963-41F1-B934-5FB345612BE3} 2011-09-16 09:57 - 2011-09-16 09:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F3CC78FF-402B-4FF3-A996-24ED5C370D3F} 2011-06-24 11:17 - 2011-06-24 11:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F5C3197E-C3C0-42C9-BE75-9A8896599CD3} 2011-12-17 10:16 - 2011-12-17 10:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{FB2FD8B0-9BAB-4F35-9EE2-00E8FC1372C6} Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\Günter Meier\ger21008.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-23 12:45

==================== Ende vom FRST.txt ============================

Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Günter Meier (2015-10-25 13:39:20)
Gestartet von E:\winguenter\bin
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-10-24 08:10:48)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3597727890-3998022267-917300989-500 - Administrator - Disabled)
Gast (S-1-5-21-3597727890-3998022267-917300989-501 - Limited - Enabled)
Günter Meier (S-1-5-21-3597727890-3998022267-917300989-1000 - Administrator - Enabled) => C:\Users\Günter Meier
UpdatusUser (S-1-5-21-3597727890-3998022267-917300989-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated) Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated) Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated) Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated) Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}_Adobe Reader 9 - Deutsch) (Version: - ) Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Browser 7 der Telekom 39.0.15 (x86 de) (HKLM\...\Browser 7 der Telekom 39.0.15 (x86 de)) (Version: 39.0.15 - Deutsche Telekom AG) Browser 7 Maintenance Service (HKLM\...\Browser7MaintenanceService) (Version: 33.1.17 - Deutsche Telekom AG) Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro 
(HKLM\...\Easy-PhotoPrint Pro) (Version: - ) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - ) Canon MG8200 series Benutzerregistrierung (HKLM\...\Canon MG8200 series Benutzerregistrierung) (Version: - ) Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version: - ) Canon MG8200 series On-screen Manual (HKLM\...\Canon MG8200 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - ) Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) CHIPDRIVE Smartcard Commander (HKLM\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version: - SCM Microsystems) CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden Duden Korrektor (HKLM\...\InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}) (Version: 5.00.1507.00 - Duden) Duden Korrektor (Version: 5.00.1507.00 - Duden) Hidden ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen) G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG) GEAR 32bit 
Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth (HKLM\...\{9509674F-3972-11DE-806D-005056806466}) (Version: 5.0.11733.9347 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden Herrnhuter Losungen (HKLM\...\{2DEEC41F-02B0-4BC4-819A-2355E8B1C398}) (Version: 3.4.0 - Evang. Brüderunität Herrnhut) ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.) JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.) 
LightScribe 1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG) Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden Online Bibel 12.07.02 (HKLM\...\OnlineBible) (Version: - ) Online Bibel 12.07.02 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\OnlineBible) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Paint.NET v3.30 (HKLM\...\{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}) (Version: 3.30.0 - dotPDN LLC) PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden SCR3xx USB Smart Card Reader (HKLM\...\{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}) (Version: 8.18.0001 - SCM Microsystems) simfy (HKLM\...\Simfy) (Version: 1.4.8 - simfy GmbH) simfy (Version: 1.4.8 - simfy GmbH) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) StarMoney (Version: 2.0 - StarFinanz) Hidden StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden StarMoney (Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM\...\{BEA4756B-BD9D-49AA-9260-C496B3D8F8E1}) (Version: 10 - Star Finanz GmbH) StarMoney 6.0 S-Edition (HKLM\...\{60459C52-DCD5-408F-925E-4AD20D9DAFD8}) (Version: 6.0 - StarFinanz GmbH) StarMoney 9.0 (HKLM\...\{172EC92E-003F-47B8-8E38-00A3FD455467}) (Version: - ) StarMoney 9.0 (HKLM\...\{2262CF96-D326-4926-885E-AA3B7E4E7368}) (Version: 9.0 - Star Finanz GmbH) TeamViewer 3 (HKLM\...\TeamViewer 3) (Version: - TeamViewer GmbH) TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) 
(Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2C9357FA-97F8-4213-B712-A4CCF03AE379}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\AlexaWebSearch.dll (Bitmanagement) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{44EA0FF7-08B7-4B7F-A594-F7F94A2B60F7}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\GoogleSearch.dll (SpaceTime) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5D052CD7-6CAE-463C-99FF-0159EABFE66E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\SpaceTime3D.ocx (SpaceTime 3D, Inc) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll 
(Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9919BE4D-9E6F-4732-9E4E-5F83ABB62FEB}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\wavdest.ax () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B3C985DA-45C2-417D-B11B-6E6484A725F1}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\RSSSearch.dll (SpaceTime3D inc) CustomCLSID: 
HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{BF9A5794-8AF5-46FA-8865-EAF65CD654A8}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CB27DAA3-E581-4777-A725-F32B47EDBDCF}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll () CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google) CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D6F407CF-E8AE-469D-9FC7-1DECAEDAAD9A}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\earthps.dll ()

==================== Wiederherstellungspunkte =========================

08-10-2015 18:32:53 Windows Update
12-10-2015 16:32:09 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 16:33:54 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 16:35:46 Removed Adobe Reader XI (11.0.11) - Deutsch.
13-10-2015 13:07:29 Windows Update
13-10-2015 16:15:19 Removed simfy
14-10-2015 12:12:23 Wiederherstellungsvorgang
14-10-2015 12:30:34 Removed simfy
14-10-2015 13:16:04 Windows Update
14-10-2015 17:52:43 Windows Update
15-10-2015 16:56:52 Windows Update
17-10-2015 13:04:53 Wiederherstellungsvorgang
17-10-2015 15:24:23 Windows Update
23-10-2015 13:36:49 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 11:23 - 2015-10-22 11:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {00D58F06-E0E1-4A74-9DCC-17ED108F0BEB} - System32\Tasks\{47C57D00-1548-4256-9285-CBEED6687977} => pcalua.exe -a H:\setup.exe -d H:\ -c autorun Task: {0588BB0D-C82E-4CC1-92A1-4224DA648CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {0E9F0C20-BCE3-499C-A966-F734C28C163E} - System32\Tasks\{8FE32562-C235-4FAB-9A6D-03D63CA7D940} => pcalua.exe -a C:\Windows\System32\config\systemprofile\Downloads\browser7_setup(1).exe -d C:\Windows\System32\config\systemprofile\Downloads Task: {1104AA23-EFC9-449A-80B1-8D2AC7522A6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {14E7FE71-8001-4321-89D5-08F1290FB27F} - System32\Tasks\{CE475AAD-AFC9-42A3-9D97-A57126633DF0} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\aomwin200ea24.exe" -d "C:\Program Files\Mozilla Firefox" Task: {1F743136-E9A5-4E4F-93EA-600712E0DC7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {220210B8-C66A-44C3-9E69-2CC5ADC162CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) 
Task: {2D80F328-4163-4F70-8A20-E3DA5EE5DC86} - System32\Tasks\{6B8F0279-9C50-4EDB-BFC5-881052B5558C} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Task: {38E40A51-8080-4086-82A7-ADE3C56521D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated) Task: {3FD8EA5F-ED3E-4A8E-A9E8-17FED68D3BCF} - System32\Tasks\{D6456F15-B695-4531-A08C-703557131E8B} => pcalua.exe -a D:\smoney_m_18_0_01234567_0000011022_j_.exe -d D:\ Task: {4BA14185-3A0A-425D-B5F8-F67D75F2F8F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated) Task: {4C2F9702-1EE5-473A-A1D7-6E20635A84B8} - System32\Tasks\{515B8E38-020F-42EF-BBA0-FF5772AA7ACE} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Task: {4E109E6D-3616-4CCD-BE29-95646479A919} - System32\Tasks\{151811DA-8574-4F07-B4E3-BC0CC70C5210} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {5DCBDA99-E748-4AB4-BEE6-ACD450989D75} - System32\Tasks\{D5DC5CA7-AF3F-444F-8CAE-BF2020269A3A} => pcalua.exe -a "C:\Program Files\Bible\OlbDel.Exe" -c "Online Bibel" "Online Bibel" "C:\Users\Günter Meier\Documents\Bible\" "C:\Users\Public\Documents\Online Bible\" Task: {5E2CC2C0-064B-4059-B917-4D504F3AACD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {63AE1EE3-64C8-48DE-9C54-45711309E921} - System32\Tasks\{9C90A1E7-FADF-400F-B72A-CBE75816D972} => pcalua.exe -a "C:\bibel digital\mfbo2a32.exe" -d C:\Windows\system32\config\systemprofile\Desktop Task: {75D3157F-439F-4E84-924A-FA650AB4F69A} - System32\Tasks\{A7B6B988-1FC5-42A4-BD45-CD7EE5F1C1DA} => C:\Program 
Files\Microsoft Office\Office12\OUTLOOK.EXE Task: {848A33C2-A5F0-497A-B08C-EAC01706C1E8} - System32\Tasks\{A2D23527-3082-44BC-8390-0526D67B3D46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly Task: {8B815B25-1B02-4957-A89E-2A3E1321533E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {8E3BF495-571E-40DD-B913-C302BD618019} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {911023DE-5FF7-409F-A38A-476275210A5B} - System32\Tasks\{F5595CA3-EF8C-4FF9-9CC8-3F5BFDE3A806} => pcalua.exe -a I:\InstallTomTomHOME.exe -d I:\ Task: {96EDA8E3-5C17-4AF4-9537-3FF2530B08E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {A61C90FA-B985-462E-A804-70558A90C134} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Günter Meier => C:\Program Files\Windows Calendar\WinCal.exe Task: {A64AE6AE-1A92-403B-8196-EE4C17077740} - System32\Tasks\{88B1E977-17F5-4EAF-BA92-03B89D785644} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Task: {CB0E91C7-DAEF-4541-8AF5-29BAFA96EBFD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation) Task: {D2AE73FE-E2C5-431A-918B-F03363307423} - System32\Tasks\{A37709E2-5C8D-4187-ACBD-0664905177B7} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02\_ISDel.exe" -d "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02" Task: {D57B9C09-4511-4F89-93BE-71AF5F9DCACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {DBCEE112-EA9A-4F16-9C36-EE9EF50D3571} - System32\Tasks\{6EA55286-8D0E-467A-9FB0-F5B315B5ABA8} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\wmp11-windowsxp-x86-DE-DE.exe" -d "C:\Users\Günter Meier\Downloads" Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {ED4CB7E8-51FB-4A5C-B797-622CD46DAF23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {FBB31E70-84F8-4478-8FCA-7B0A64BD4336} - System32\Tasks\{B09EF877-27B6-4235-882D-C184CF3EF917} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\GER_R_FUL_AV.exe" -d "C:\Users\Günter Meier\Downloads" (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-05-04 12:10 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-02-20 04:42 - 2015-02-20 04:42 - 00317560 ____N () C:\Program Files\Common Files\G DATA\AVKProxy\PktIcpt2.dll
2013-04-15 08:20 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Günter Meier\Documents\Fotovorlagen:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> amazon.de
IE trusted site: HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\amazon.de -> amazon.de

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{DB1B0F8C-F8B0-4EDB-8050-9903D99C271E}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [TCP Query User{D2ED50E5-ECBA-4948-A737-CD574422ED83}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [UDP Query User{BC1B4E24-7EBD-4EC5-8594-55F8ACBD8274}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{040CD7D5-ECE8-49EE-8A50-977C4F681C43}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D6F4D7DB-4845-47F1-8E55-8DA46042BA13}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{C87F02C0-6E69-4D92-8920-9E65E63E4FAD}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [{C7D6D316-A356-4310-AD6B-4981B9F8B777}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe FirewallRules: [{DE344125-C3EF-4BAD-B2DA-A1599E5EB1BB}] => (Allow) svchost.exe FirewallRules: [{A50D645D-011F-492D-BF38-EB7A6863AAFC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [UDP Query User{B8EF7B60-2422-4342-975E-B6A2067C6871}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe FirewallRules: [TCP Query User{ADEC9F8E-8625-48A4-8A60-2D04234396AE}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe FirewallRules: [{4FDB4FE1-D932-4439-B87F-6A438835C552}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{1405F477-C137-4B8B-BACB-752782BF0BC4}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{6E52F4DD-1DB8-41B7-9EF9-C1720B1071EB}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe FirewallRules: 
[{F450EACA-F7F1-4C16-A862-CF5650E61586}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe FirewallRules: [{61D8180E-69E0-44D0-9825-CC55CF9E77C6}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4A8ADBAB-8CB2-412F-9430-A58A7062D98A}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{7ED9393A-D714-4C67-9066-BF5760279FD2}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe FirewallRules: [{2B44D336-9058-41C8-A627-DC2FDDC1806E}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe FirewallRules: [{80368D74-E7DB-4F7D-9F02-FE106A76A00C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{A79CA6CC-A682-419D-89DB-DAFEC93D724D}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{FA0986BF-4915-4DED-8AA2-F7586A6F7D5F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{B17CA17F-6034-4B49-8DB8-0FEADF7E93F0}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe FirewallRules: [{AF7D77F4-EE2A-42EB-8D13-DE4BAA176B5C}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe FirewallRules: [{8839229D-A821-4495-B79D-C6C553E3B29B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe FirewallRules: [{AD490351-CD10-40EA-BEDE-0B79B2C331DC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe FirewallRules: [{1D8D05B8-D46B-4950-A9EA-85D92F3AC71E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{426AFD31-A30C-4BF1-9A5A-F7DBC1566220}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{5CC9264A-17A9-4A6D-9838-E6D64973F460}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{FA888CC4-0283-403E-AE44-9D88A46A0B0F}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{BCB71965-94DE-47A3-A9D1-C5C6D2D725D6}] => (Allow) C:\Program 
Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{1861CF61-4EE2-419C-A3AC-45A526472F52}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe FirewallRules: [{9B399FA5-CE50-4C73-9E33-32D5720D2CC2}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe FirewallRules: [{44117AEF-EC60-4924-8622-141C42DBFD8C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{1B8582D3-9153-4A84-81D8-2E2FA904916A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{6DC934A1-CABE-47C3-BBDB-E667D26D3764}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{7C5467E3-0AB4-4B05-BFC8-814A14D88C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2E237F61-D6B4-483C-8DC3-5C4AAAC08574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{113776B5-2BE7-429B-81AD-DFA7850A78F3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{45F2DD33-BBFF-4866-B9F7-8717AF298B0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{7936D596-1165-4FC0-9D83-E8E564CCA25E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{FFE1557E-0267-4A9F-A333-F610BFFFF2BF}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe FirewallRules: [{B72C2DE3-F7AA-4039-AEA3-8BB23726543C}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe FirewallRules: [{0499696A-7CFA-4E00-828B-6676988C9DDB}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{CA378E91-2269-4F8E-BACA-3192532B1733}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{4E1E623C-3507-4E41-9191-EF317A05B33E}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe FirewallRules: [{1C0E5D20-0F39-4ED0-9D73-DF44A2AFC3A5}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe 
FirewallRules: [{D998154B-4F5B-4463-BCAC-F41B4C4A1B74}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe FirewallRules: [{5F41C9C5-062A-4596-97B6-DFBBC6F0DC27}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe FirewallRules: [{7D72ECE0-A4AC-4AFD-ADFA-3227298E9BC1}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe FirewallRules: [{603A4EB2-8FEA-47A0-BEBD-5A84320106B6}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe FirewallRules: [{BD375068-A645-4810-A32E-ABD60014A60E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe FirewallRules: [{9FEE394B-0061-4D96-A2E2-76639C645CA1}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe FirewallRules: [{5DE97CF7-47B0-481A-97A9-687C8F0A499E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{1414BB0A-2983-49C1-9CA9-D75704B9C143}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{88FA3FBE-7657-42DB-82D2-DED836237376}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{782E3989-2D24-41B6-BB25-C48C3B5A2CC2}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{61AEEFA5-E66E-410B-8EB3-C8D9EC32B8B4}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{9FD6D478-AA5F-4ACD-80D1-AEA25B738887}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{72A6D150-1990-4F46-A338-7AA7CC7D3EDC}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{E8ABAB9E-FE3C-41CF-9CEA-4ADBF486523C}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe FirewallRules: [{45A8E5A0-73FA-4F10-9125-E9E8E5972ED0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte 
Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/25/2015 09:54:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6700}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (10/22/2015 10:57:13 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x800706be). Error: (10/18/2015 05:49:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Browser7.exe, Version: 39.0.3.5700, Zeitstempel: 0x55c88cd2 Name des fehlerhaften Moduls: xul.dll, Version: 39.0.3.5700, Zeitstempel: 0x55c88e9c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b1ba22 ID des fehlerhaften Prozesses: 0xecc Startzeit der fehlerhaften Anwendung: 0xBrowser7.exe0 Pfad der fehlerhaften Anwendung: Browser7.exe1 Pfad des fehlerhaften Moduls: Browser7.exe2 Berichtskennung: Browser7.exe3 Error: (10/17/2015 04:32:25 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Can not connect to Process Manager (0) Error: (10/17/2015 02:47:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6500}" konnte nicht installiert werden. Fehlercode 1625. 
Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (10/17/2015 01:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC) Description: ERROR missing /Name: option Error: (10/17/2015 01:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC) Description: ERROR CFG File; none found Error: (10/17/2015 01:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC) Description: ERROR Multistring not found: RegDefragNT.exe Error: (10/17/2015 01:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC) Description: ERROR missing /Name: option Error: (10/17/2015 01:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC) Description: ERROR CFG File; none found Systemfehler: ============= Error: (10/25/2015 09:39:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht. Error: (10/25/2015 09:39:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 10 OnlineUpdate erreicht. Error: (10/23/2015 01:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht. Error: (10/23/2015 01:48:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 10 OnlineUpdate erreicht. 
Error: (10/23/2015 01:40:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (10/23/2015 01:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/23/2015 01:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/23/2015 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "RealNetworks Downloader Resolver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/23/2015 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/23/2015 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 2046.49 MB
Verfügbarer physikalischer RAM: 1039.98 MB
Summe virtueller Speicher: 4092.98 MB
Verfügbarer virtueller Speicher: 2547.81 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:218.67 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (KINGSTON) (Removable) (Total:58.58 GB) (Free:58.19 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7AFE7AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 58.6 GB) (Disk ID: C9D93779)
Partition 1: (Active) - (Size=58.6 GB) - (Type=0C)
==================== Ende vom Addition.txt ============================

- the PDF problem still persists (truncated in Outlook, downloading with the browser does not work at all)
- the NSIS message is gone
- I noticed that when you open a new tab in FF, the ASK search appears; there is a plugin "Allin1Convert" that you cannot uninstall but can deactivate, and then it is gone.
Regards, Tom

Hi, so, I managed to fix the PDF problem myself: uninstalled "Browser7" and all the Adobe stuff, reinstalled FF and Acrobat Reader, and now it works again. I still have the load, though: hxxp://i.imgur.com/MCb9dBi.png And, more fundamentally: what can you recommend that I can still do to secure the machine? And one more question: I created a separate admin account and took the admin rights away from my father-in-law's user. The admin account works, but you can no longer get into Dad's user account (as long as it has no admin rights), without an error message. Do you have any idea what that could be? Thanks, Tom
Edited by tb87 (25.10.2015 at 17:18) |
26.10.2015, 18:17 | #12 |
/// the machine /// TB Trainer | Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll
C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe
C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe
C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log please. What error message appears in the standard user account?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.10.2015, 19:38 | #13 | |
| Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
Hi, Fixlog.txt:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Admin (2015-10-26 19:28:45) Run:1
Gestartet von C:\Temp
Geladene Profile: Admin (Verfügbare Profile: Günter Meier & UpdatusUser & Admin & Guenter)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll
C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe
C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe
C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe
Emptytemp:
*****************
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe => erfolgreich verschoben
C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll => erfolgreich verschoben
"C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll" => nicht gefunden.
"C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe" => nicht gefunden.
"C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe" => nicht gefunden.
"C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe" => nicht gefunden.
EmptyTemp: => 115.8 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende vom Fixlog 19:29:44 ====

Quote:
Regards, Tom |
27.10.2015, 19:32 | #14 |
/// the machine /// TB Trainer | Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
Yes, then the account was corrupt. Any other problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.10.2015, 09:57 | #15 |
| Windows7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled
Yes, it probably was. With the new user it works. And who knows what else was messed up in that account, so that's fine. No other problems, apart from the question I already asked, whether you can recommend something on how I can better protect the box, etc. Regards, Tom |