| |
| |||||||
Log-Analyse und Auswertung: 120 Funde / LogfileauswertungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.02.2018, 08:22
| #1 |
 |  120 Funde / Logfileauswertung Das letzte hat sich erledigt und kann auch gelöscht werden. Ich finde "Eröffne neues Thema" nicht und hänge mich hieran mit der Bitte um Kenntnisnahme un Beantwortung: Ich Habe avira antivir Trial Version noch ein paar Tage. Die erzählt mir quasi als Motivation 39 € auszugeben, was ich nicht tuen werde, folgendes: Eine Liste von 120 Dateien in Quarantäne, die als "verdächtige Dateien" bezeichnet werden meist in c:/program files(x86), die ich leider nicht copy / pasten kann. Oder sind nicht unter Quarantäne gestellte Dateien "harmlosisiert"? Ich will die aber weg haben, wer braucht die? Löschen und wipe. Vorher hatte ich lösche sämtliche Browser Verlauf etc. in chrome und firefox ausgeführt. Übrigens geht auto vervollständigen der URL in FF immer noch, sollte es nicht oder? Sowie eine Wartungs.cmd - Datei aus einem anderen Forum soll darf ich den Link hier bringen? ok bitte weil sehr nützlich: https://www.win-10-forum.de/windows-...ungsmodus.html Sonst habe ich noch microsoft essentials laufen lassen, das im Schnelllauf gar nichts fand. Folgende neueste Logfiles: das avira meldete sich mit dem mitleiderregenden selbstlosen Kaufbefehl nach all diesen Aktionen und nach reboot! Kann ich wie gesagt nicht hier als Bild bringen. Danke! P.S. Soll ich ein FRST machen? Jürgen JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by juergen2 (Administrator) on 05.02.2018 at 11:21:18,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8
Successfully deleted: C:\Users\juergen2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2183XR4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\juergen2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIUWA25G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\juergen2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRRE3I4Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\juergen2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKCJZN90 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2183XR4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIUWA25G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRRE3I4Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKCJZN90 (Temporary Internet Files Folder)
Deleted the following from C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\prefs.js
user_pref(extensions.webextensions.uuids, {\vdpure@link64\:\47349fd8-5b1d-4f49-95d0-f9c5fc89103f\,\{170503FA-3349-4F17-BC86-001888A5C8E2}\:\f0c47838-edc5-40e6-9444-c
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2018 at 11:25:52,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner 7.0.2.1 - Logfile created on Mon Feb 05 10:11:02 2018
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Firefox (and derivatives) ] *****
Plugin deleted: __MSG_appName__ -
Plugin deleted: SMSfromBrowser -
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [1601 B] - [2016/9/2 23:20:52]
C:/AdwCleaner/AdwCleaner[C10].txt - [2962 B] - [2017/2/3 11:33:41]
C:/AdwCleaner/AdwCleaner[C11].txt - [3282 B] - [2017/3/3 14:44:46]
C:/AdwCleaner/AdwCleaner[C12].txt - [3513 B] - [2017/3/15 13:2:20]
C:/AdwCleaner/AdwCleaner[C13].txt - [3829 B] - [2017/4/2 12:43:5]
C:/AdwCleaner/AdwCleaner[C14].txt - [4180 B] - [2017/6/18 16:17:28]
C:/AdwCleaner/AdwCleaner[C15].txt - [4101 B] - [2017/6/28 17:14:42]
C:/AdwCleaner/AdwCleaner[C2].txt - [1707 B] - [2016/9/20 18:12:53]
C:/AdwCleaner/AdwCleaner[C3].txt - [1354 B] - [2016/9/28 14:28:40]
C:/AdwCleaner/AdwCleaner[C4].txt - [1503 B] - [2016/10/2 10:0:44]
C:/AdwCleaner/AdwCleaner[C5].txt - [9963 B] - [2016/11/4 0:38:18]
C:/AdwCleaner/AdwCleaner[C6].txt - [2102 B] - [2016/11/15 11:42:40]
C:/AdwCleaner/AdwCleaner[C7].txt - [2381 B] - [2016/11/28 19:18:11]
C:/AdwCleaner/AdwCleaner[C8].txt - [2468 B] - [2016/12/15 17:33:32]
C:/AdwCleaner/AdwCleaner[C9].txt - [3240 B] - [2017/1/16 8:47:55]
C:/AdwCleaner/AdwCleaner[S10].txt - [2196 B] - [2016/11/9 9:1:41]
C:/AdwCleaner/AdwCleaner[S11].txt - [2270 B] - [2016/11/15 11:42:29]
C:/AdwCleaner/AdwCleaner[S12].txt - [2515 B] - [2016/11/28 19:15:23]
C:/AdwCleaner/AdwCleaner[S13].txt - [2602 B] - [2016/12/15 10:13:11]
C:/AdwCleaner/AdwCleaner[S14].txt - [2710 B] - [2016/12/16 9:49:35]
C:/AdwCleaner/AdwCleaner[S15].txt - [2785 B] - [2016/12/30 16:44:39]
C:/AdwCleaner/AdwCleaner[S16].txt - [2859 B] - [2017/1/5 12:27:45]
C:/AdwCleaner/AdwCleaner[S17].txt - [3337 B] - [2017/1/16 8:47:35]
C:/AdwCleaner/AdwCleaner[S18].txt - [3097 B] - [2017/2/3 11:17:24]
C:/AdwCleaner/AdwCleaner[S19].txt - [3347 B] - [2017/2/3 15:56:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [809 B] - [2016/7/21 12:34:46]
C:/AdwCleaner/AdwCleaner[S20].txt - [3416 B] - [2017/3/3 14:43:57]
C:/AdwCleaner/AdwCleaner[S21].txt - [3449 B] - [2017/3/7 19:20:53]
C:/AdwCleaner/AdwCleaner[S22].txt - [3647 B] - [2017/3/15 13:1:59]
C:/AdwCleaner/AdwCleaner[S23].txt - [3671 B] - [2017/3/17 18:44:20]
C:/AdwCleaner/AdwCleaner[S24].txt - [3913 B] - [2017/4/2 12:42:42]
C:/AdwCleaner/AdwCleaner[S25].txt - [4162 B] - [2017/6/5 16:38:10]
C:/AdwCleaner/AdwCleaner[S26].txt - [4236 B] - [2017/6/17 11:46:40]
C:/AdwCleaner/AdwCleaner[S27].txt - [4309 B] - [2017/6/18 16:15:19]
C:/AdwCleaner/AdwCleaner[S28].txt - [4189 B] - [2017/6/21 17:51:48]
C:/AdwCleaner/AdwCleaner[S29].txt - [4031 B] - [2017/6/28 17:11:29]
C:/AdwCleaner/AdwCleaner[S2].txt - [1758 B] - [2016/9/2 22:48:8]
C:/AdwCleaner/AdwCleaner[S3].txt - [1776 B] - [2016/9/20 18:12:25]
C:/AdwCleaner/AdwCleaner[S4].txt - [1522 B] - [2016/9/28 13:55:38]
C:/AdwCleaner/AdwCleaner[S5].txt - [1671 B] - [2016/10/2 10:0:33]
C:/AdwCleaner/AdwCleaner[S6].txt - [1817 B] - [2016/10/6 2:7:2]
C:/AdwCleaner/AdwCleaner[S7].txt - [1887 B] - [2016/10/17 3:6:2]
C:/AdwCleaner/AdwCleaner[S8].txt - [1959 B] - [2016/10/22 0:47:29]
C:/AdwCleaner/AdwCleaner[S9].txt - [10485 B] - [2016/11/4 0:37:40]
########## EOF - C:\AdwCleaner\AdwCleaner[C15].txt ##########
# AdwCleaner 7.0.2.1 - Logfile created on Mon Feb 05 10:11:02 2018
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Firefox (and derivatives) ] *****
Plugin deleted: __MSG_appName__ -
Plugin deleted: SMSfromBrowser -
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [1601 B] - [2016/9/2 23:20:52]
C:/AdwCleaner/AdwCleaner[C10].txt - [2962 B] - [2017/2/3 11:33:41]
C:/AdwCleaner/AdwCleaner[C11].txt - [3282 B] - [2017/3/3 14:44:46]
C:/AdwCleaner/AdwCleaner[C12].txt - [3513 B] - [2017/3/15 13:2:20]
C:/AdwCleaner/AdwCleaner[C13].txt - [3829 B] - [2017/4/2 12:43:5]
C:/AdwCleaner/AdwCleaner[C14].txt - [4180 B] - [2017/6/18 16:17:28]
C:/AdwCleaner/AdwCleaner[C15].txt - [4101 B] - [2017/6/28 17:14:42]
C:/AdwCleaner/AdwCleaner[C2].txt - [1707 B] - [2016/9/20 18:12:53]
C:/AdwCleaner/AdwCleaner[C3].txt - [1354 B] - [2016/9/28 14:28:40]
C:/AdwCleaner/AdwCleaner[C4].txt - [1503 B] - [2016/10/2 10:0:44]
C:/AdwCleaner/AdwCleaner[C5].txt - [9963 B] - [2016/11/4 0:38:18]
C:/AdwCleaner/AdwCleaner[C6].txt - [2102 B] - [2016/11/15 11:42:40]
C:/AdwCleaner/AdwCleaner[C7].txt - [2381 B] - [2016/11/28 19:18:11]
C:/AdwCleaner/AdwCleaner[C8].txt - [2468 B] - [2016/12/15 17:33:32]
C:/AdwCleaner/AdwCleaner[C9].txt - [3240 B] - [2017/1/16 8:47:55]
C:/AdwCleaner/AdwCleaner[S10].txt - [2196 B] - [2016/11/9 9:1:41]
C:/AdwCleaner/AdwCleaner[S11].txt - [2270 B] - [2016/11/15 11:42:29]
C:/AdwCleaner/AdwCleaner[S12].txt - [2515 B] - [2016/11/28 19:15:23]
C:/AdwCleaner/AdwCleaner[S13].txt - [2602 B] - [2016/12/15 10:13:11]
C:/AdwCleaner/AdwCleaner[S14].txt - [2710 B] - [2016/12/16 9:49:35]
C:/AdwCleaner/AdwCleaner[S15].txt - [2785 B] - [2016/12/30 16:44:39]
C:/AdwCleaner/AdwCleaner[S16].txt - [2859 B] - [2017/1/5 12:27:45]
C:/AdwCleaner/AdwCleaner[S17].txt - [3337 B] - [2017/1/16 8:47:35]
C:/AdwCleaner/AdwCleaner[S18].txt - [3097 B] - [2017/2/3 11:17:24]
C:/AdwCleaner/AdwCleaner[S19].txt - [3347 B] - [2017/2/3 15:56:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [809 B] - [2016/7/21 12:34:46]
C:/AdwCleaner/AdwCleaner[S20].txt - [3416 B] - [2017/3/3 14:43:57]
C:/AdwCleaner/AdwCleaner[S21].txt - [3449 B] - [2017/3/7 19:20:53]
C:/AdwCleaner/AdwCleaner[S22].txt - [3647 B] - [2017/3/15 13:1:59]
C:/AdwCleaner/AdwCleaner[S23].txt - [3671 B] - [2017/3/17 18:44:20]
C:/AdwCleaner/AdwCleaner[S24].txt - [3913 B] - [2017/4/2 12:42:42]
C:/AdwCleaner/AdwCleaner[S25].txt - [4162 B] - [2017/6/5 16:38:10]
C:/AdwCleaner/AdwCleaner[S26].txt - [4236 B] - [2017/6/17 11:46:40]
C:/AdwCleaner/AdwCleaner[S27].txt - [4309 B] - [2017/6/18 16:15:19]
C:/AdwCleaner/AdwCleaner[S28].txt - [4189 B] - [2017/6/21 17:51:48]
C:/AdwCleaner/AdwCleaner[S29].txt - [4031 B] - [2017/6/28 17:11:29]
C:/AdwCleaner/AdwCleaner[S2].txt - [1758 B] - [2016/9/2 22:48:8]
C:/AdwCleaner/AdwCleaner[S3].txt - [1776 B] - [2016/9/20 18:12:25]
C:/AdwCleaner/AdwCleaner[S4].txt - [1522 B] - [2016/9/28 13:55:38]
C:/AdwCleaner/AdwCleaner[S5].txt - [1671 B] - [2016/10/2 10:0:33]
C:/AdwCleaner/AdwCleaner[S6].txt - [1817 B] - [2016/10/6 2:7:2]
C:/AdwCleaner/AdwCleaner[S7].txt - [1887 B] - [2016/10/17 3:6:2]
C:/AdwCleaner/AdwCleaner[S8].txt - [1959 B] - [2016/10/22 0:47:29]
C:/AdwCleaner/AdwCleaner[S9].txt - [10485 B] - [2016/11/4 0:37:40]
########## EOF - C:\AdwCleaner\AdwCleaner[C15].txt ##########
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by juergen2 (06-02-2018 08:14:06)
Running from D:\backupMaxtor80gb\data
Windows 7 Professional Service Pack 1 (X64) (2015-10-31 21:00:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-963683855-2343051469-89585254-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-963683855-2343051469-89585254-501 - Limited - Disabled)
juergen2 (S-1-5-21-963683855-2343051469-89585254-1000 - Administrator - Enabled) => C:\Users\juergen2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (HKLM\...\{F15287C6-10E3-1676-AF50-CB0355A302F1}) (Version: 2.00.0002 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
AMD Catalyst Control Center (HKLM-x32\...\{20AE3A4E-38CA-C6F8-4E60-5DF41A2CC0AC}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (HKLM\...\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD Steady Video Plug-In (HKLM\...\{94BFDEF9-D91D-4B5D-8A60-08514C7191AF}) (Version: 2.08.0000 - AMD)
AMD USB 3.0 Device Detector (HKLM\...\{F5733897-B788-4AB1-B399-166A9FBB47A8}) (Version: 2.1.30.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.)
Arasan 20.2 (HKLM-x32\...\Arasan_is1) (Version: - )
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.20 - Avira Operations GmbH & Co. KG)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
BCWipe 6.0 (HKLM-x32\...\BCWipe) (Version: 6.08.3 - Jetico Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center Graphics Previews Common (HKLM-x32\...\{9114BDDB-A6A6-152D-060A-E99307057AD1}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center InstallProxy (HKLM-x32\...\{66CDB8EB-80D3-A762-32B4-80DA61A1C6C8}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (HKLM-x32\...\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (HKLM-x32\...\{703F229F-573E-10E7-3B44-341DB59AD86B}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (HKLM-x32\...\{489E5436-B101-CAD9-5571-14746675ECE3}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Czech (HKLM-x32\...\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Danish (HKLM-x32\...\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Dutch (HKLM-x32\...\{504819D1-3C0A-2695-0007-BBDFA5936D68}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help English (HKLM-x32\...\{6C495748-5F03-0B97-568B-76D0368FB460}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Finnish (HKLM-x32\...\{D9CBA021-DB41-9736-923F-52E3E426912D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help French (HKLM-x32\...\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help German (HKLM-x32\...\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Greek (HKLM-x32\...\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (HKLM-x32\...\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Italian (HKLM-x32\...\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Japanese (HKLM-x32\...\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Korean (HKLM-x32\...\{37DBC990-C514-3821-D6FB-12E0745AA990}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (HKLM-x32\...\{79E3071B-8A0C-C105-6442-CF611732601E}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Polish (HKLM-x32\...\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (HKLM-x32\...\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Russian (HKLM-x32\...\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Spanish (HKLM-x32\...\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Swedish (HKLM-x32\...\{42A97797-A255-49F9-4250-D58A9CEA2904}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Thai (HKLM-x32\...\{31BC0B51-0676-A531-3940-1818B609EEA7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Turkish (HKLM-x32\...\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
ccc-utility64 (HKLM\...\{C3463F9A-E635-02E0-C351-41D16074E202}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Convert XLS (HKLM-x32\...\Convert XLS_is1) (Version: - Softinterface, Inc.)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 2.17 - NCH Software)
Dr. Hardware 2015 15.5d (HKLM-x32\...\Dr. Hardware 2015_is1) (Version: - Peter A. Gebhard)
Electrum (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version: - Free Pascal Team)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{76AADFE7-3416-419C-A30B-41E762231584}) (Version: 7.3.1.4505 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GUI Turbo Assembler Ver 3.0.1 (HKLM-x32\...\{F522C947-52FA-4C01-B933-16292944E000}) (Version: 3.0.1 - Lakhya's Innovation Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.14 - Oracle Corporation)
Lazarus 1.6.2 (HKLM\...\lazarus_is1) (Version: 1.6.2 - Lazarus Team)
MailWasherPro (HKLM-x32\...\{D16B61A0-A55E-47A9-BA73-8A5E92C26DB2}) (Version: 7.11.05 - Firetrust)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
MBOT_PureSRO_2016 version Final (HKLM-x32\...\{C14EAA16-29F0-4E10-9CD3-0C8922295590}_is1) (Version: Final - ztona, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.667.1 - McAfee, Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 50.0.2762.67 (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Pari-2-7-6 (remove only) (HKLM-x32\...\Pari-2-7-6) (Version: - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PilotEdit Lite 10.7.0 (HKLM-x32\...\PilotEdit Lite_is1) (Version: - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scid vs PC 4.16 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.16 - Steven Atkinson)
SharpKeys (HKLM\...\{F6908C45-459A-4332-A3F2-03DAAB64939D}) (Version: 3.6.0000 - RandyRants.com)
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Silkroad (HKLM-x32\...\Silkroad) (Version: - )
Skype version 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1309.0 - TDM)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{37c882f6-40f7-46a4-9ccb-8e2808e1a79e}) (Version: 2.4.1558.3001 - Lavasoft)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version: - )
Xilinx Design Tools Vivado HL WebPACK 2016.3 (C:\Xilinx) (HKLM\...\Xilinx_Vivado HL WebPACK_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx DocNav (C:\Xilinx) (HKLM\...\Xilinx_DocNav_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx Information Center (C:\Xilinx) (HKLM\...\Xilinx_Xilinx Information Center_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Program Files (x86)\Jetico\Shared64\BCShExt.dll [2015-12-01] (Jetico, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [PilotEdit] -> {277B9550-37E2-47DE-B533-89A1EBD82DB9} => C:\Program Files (x86)\PilotEdit Lite\EShell_x64.dll [2013-01-01] (PilotEdit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Program Files (x86)\Jetico\Shared64\BCShExt.dll [2015-12-01] (Jetico, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Program Files (x86)\Jetico\Shared64\BCShExt.dll [2015-12-01] (Jetico, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1C0F2488-7423-45B0-9FE9-B2F43E95DDA9} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-01-03] (Avira Operations GmbH & Co. KG)
Task: {1FB3732E-9592-444D-A701-81DF304F14A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {6ADA2DE3-F929-4442-BCBE-E1D403613F2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {70FC73DB-5C4F-4CB5-9833-76B9D3A491A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {AD24AC21-72E8-4AFB-8BA6-BC0413019E02} - System32\Tasks\Opera scheduled Autoupdate 1498067933 => C:\Users\juergen2\AppData\Local\Programs\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {BE9E6706-8A73-4F34-8BC7-F4B899EDF1C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D81ED6FD-5476-4FAA-A9B9-AD7C0B99C7D9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {E302C505-2A7A-4384-87A8-489CE462BC3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F4DDD129-C6FA-4772-AC2D-CE369BA97A92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F6F30DFE-BB87-4833-A1E0-CEE92CCDEE3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\juergen2\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm
Shortcut: C:\Users\juergen2\Desktop\apache_start - Shortcut.lnk -> C:\xampp\apache_start.bat ()
Shortcut: C:\Users\juergen2\Desktop\Vivado HLS 2016.3.lnk -> C:\Xilinx\Vivado_HLS\2016.3\bin\vivado_hls.bat ()
Shortcut: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado HLS\Vivado HLS 2016.3 Command Prompt.lnk -> C:\Xilinx\Vivado_HLS\2016.3\bin\vivado_hls_cmd.bat ()
Shortcut: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado HLS\Vivado HLS 2016.3.lnk -> C:\Xilinx\Vivado_HLS\2016.3\bin\vivado_hls.bat ()
Shortcut: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GAP 4.7.8\GAP 4.7.8.lnk -> C:\gap4r7\bin\gap.bat ()
ShortcutWithArgument: C:\Users\juergen2\Desktop\root@www.hzgb.org.lnk -> D:\WinSCP-5.9.2-Portable\WinSCP.exe (Martin Prikryl) -> "root%40www.hzgb.org" /Desktop /UploadIfAny
ShortcutWithArgument: C:\Users\juergen2\Desktop\Vivado 2016.3.lnk -> C:\Xilinx\Vivado\2016.3\bin\unwrapped\win64.o\vvgl.exe () -> C:\Xilinx\Vivado\2016.3\bin\vivado.bat
ShortcutWithArgument: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Manage Xilinx Licenses.lnk -> C:\Xilinx\Vivado\2016.3\bin\unwrapped\win64.o\vvgl.exe () -> C:\Xilinx\Vivado\2016.3\bin\vlm.bat
ShortcutWithArgument: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado 2016.3 Tcl Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k C:\Xilinx\Vivado\2016.3\bin\vivado.bat -mode tcl
ShortcutWithArgument: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado 2016.3.lnk -> C:\Xilinx\Vivado\2016.3\bin\unwrapped\win64.o\vvgl.exe () -> C:\Xilinx\Vivado\2016.3\bin\vivado.bat
==================== Loaded Modules (Whitelisted) ==============
2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-08-18 09:27 - 2016-08-18 09:27 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2018-01-01 02:07 - 2018-01-01 02:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-01-09 09:50 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 09:50 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2000-01-01 01:00 - 2018-01-27 17:07 - 003614720 _____ () C:\Users\juergen2\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
2016-08-18 09:14 - 2016-08-18 09:14 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 09:09 - 2016-08-18 09:09 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-08-18 09:03 - 2016-08-18 09:03 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 09:17 - 2016-08-18 09:17 - 000751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2000-01-01 01:00 - 2018-01-27 17:07 - 000093095 _____ () C:\Users\juergen2\Desktop\Tor Browser\Browser\libssp-0.dll
2000-01-01 01:00 - 2018-01-27 17:07 - 000107520 _____ () C:\Users\juergen2\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
2000-01-01 01:00 - 2018-01-27 17:07 - 000093095 _____ () C:\Users\juergen2\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
2000-01-01 01:00 - 2018-01-27 17:07 - 000717225 _____ () C:\Users\juergen2\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
2000-01-01 01:00 - 2018-01-27 17:07 - 000523022 _____ () C:\Users\juergen2\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
2015-11-01 08:53 - 2014-07-17 12:18 - 000219648 _____ () C:\xampp\apache\bin\pcre.dll
2015-11-01 08:54 - 2014-07-23 23:24 - 000128512 _____ () C:\xampp\php\libpq.dll
2017-12-10 15:05 - 2018-01-09 18:07 - 001551816 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2017-12-10 15:05 - 2018-01-09 18:04 - 000088064 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-12-10 15:05 - 2018-01-09 18:04 - 002559608 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2017-12-10 15:05 - 2018-01-09 18:04 - 000031864 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2017-12-10 15:05 - 2018-01-09 18:04 - 000400384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2017-12-10 15:05 - 2018-01-09 18:04 - 000129536 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2017-12-10 15:05 - 2018-01-09 18:04 - 002171904 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2016-12-19 15:36 - 2016-12-14 09:00 - 000132176 _____ () C:\totalcmd\wcmzip32.dll
2016-12-19 15:36 - 2016-12-14 09:00 - 000083024 _____ () C:\totalcmd\tc7zipif.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\localhost -> localhost
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2017-11-30 16:41 - 000002026 _____ C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^juergen2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E08E8243-C2A1-4221-90A7-14736621DBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EA08C55-5310-4A9E-8ABB-32F4A49FF91B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97587CB0-9EAA-4B76-AE0F-849E608FE32D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{81373308-C4D3-45DA-ABFB-9FF3613C6D5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27E94056-EE89-40C2-88F9-FCDD1B8E5D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D80E4AD5-8012-4DE4-B0FE-3695EFEBEAED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E4AFD96A-B990-4558-B5EE-3F16F3B150B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF6531-5BDD-4CC8-BCE4-8C1B36A92B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1144CB11-19E6-41BF-BAFF-C3CBF53D788E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D076BE44-8E6B-4596-BDAA-38B73655C620}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA663251-09BF-4823-8DE3-357013B1B8CE}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [UDP Query User{E5E54FE6-C09E-4ABB-90E3-E86CBF75A6F2}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [TCP Query User{3562059C-09AD-49C5-B7A8-F01122A24FF9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F0D6FC0B-D3F6-4346-A980-F46D4C9D1B96}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{98C9BD54-7195-421F-8622-82F19A588534}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{823BFEF5-2144-437C-A54B-BCCA12451298}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{43DE325D-FD61-460D-842E-290A5202FB7F}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{DFCF343D-2298-479B-820C-A9D87E56AFF7}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{A1496639-68D5-46B4-967E-A505FB7D9C89}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [UDP Query User{D2661694-9DE9-4B85-AA71-E76B9FE67E92}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [TCP Query User{DA6A1C4E-6658-4536-B8A6-C2F9FD65FD61}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [UDP Query User{4C306084-351A-440E-86A7-02F33064F80E}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [TCP Query User{82621B54-D4E3-4191-A32E-7FB2E966AFE0}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{FA455FFB-BB85-4880-8324-9ED51129A541}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [TCP Query User{AFDB542D-C34E-4DBA-A5E8-13FD772F4676}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{821974AD-1244-4300-8892-42C965D1C906}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [{EE884B1A-0A33-4F7E-BE89-6C013F4282AB}] => (Allow) C:\Users\juergen2\AppData\Local\IQA\Application\chrome.exe
FirewallRules: [{776A7697-A9FA-4D00-AE02-02733E032793}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{179DB254-E4A7-44FD-8180-A252E383B707}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5881A1B3-618E-4628-AF81-07C027281C34}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B1095A5C-EA19-4532-BE33-41EF9C86B1D8}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [TCP Query User{B12981FF-B265-4AD8-90CC-1CAA78AFF9D3}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{17966661-BA79-4C90-BC0D-63434C7A2A9F}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{359222EA-9F94-4EDA-A978-E08B0C015F21}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{DCC70F92-DA66-4518-B65F-551E06FAED96}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{0C48E5AD-B230-4661-BAFF-D286C90BF7ED}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{5E82995E-38F3-476B-98A0-E4055D9530E6}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{FF3B1697-47E7-4E15-A46F-14DAD9A34297}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{91BF5810-5F2B-4B0B-89A6-13C7BD7AF7E0}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{0F0A5EA5-6FDA-4571-8F26-6D7235C4710D}C:\program files\java\jdk1.8.0_91\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_91\jre\bin\javaw.exe
FirewallRules: [UDP Query User{3D4A1B41-29FB-4AED-884B-4EE1AE1D49B2}C:\program files\java\jdk1.8.0_91\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_91\jre\bin\javaw.exe
FirewallRules: [{A15FD59F-4DEB-48C5-B0AB-C560507A5BD9}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{7B27A2F1-A1C2-40B1-856F-69E72A5FDD68}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{109B94D2-FB0C-44F2-A49B-C1ABC4AE84C2}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{0E26162C-0928-4A55-BFA2-D3D7A388B22E}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{8BAD0C4F-C654-432F-8A46-8CBC4BFF20AF}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{81FA3FFE-6DEF-4F3D-871E-6120D650F375}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{E12FBEE4-11A9-4252-B72E-9DA5B9A82CDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DA09561-F33A-4F74-AE93-BE232605E318}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C619FF61-7405-4E6D-B469-F5ED7A4CEBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D49AA65-E9EC-4E40-AF85-819A887C58C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4819EF9F-ECF0-439F-AD62-F821F6909071}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{97B5B131-9D32-4BAD-8E9A-E1780ABF9A4D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{054F0F09-AE56-4599-9BA5-F86C9D31FFB5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A5989984-670A-4953-A4B2-97E2981C1C4E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{51A58F52-6A7A-4F9F-A9D3-54673771201E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{858D641F-B90B-4B90-9641-DFF96825B635}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{36275EA3-11DB-4932-AC9B-19B7D18F4C95}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{A9C5985A-EEDC-40A3-BBEC-1E2E964F227C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{A6DED921-ACDB-4F33-8FF6-E322906C2092}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{9D3AC6F5-DD80-4C6C-AC12-2DE855E84AE0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{719EF127-CBDB-42E9-AA42-01703EB925AD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
==================== Restore Points =========================
31-01-2018 00:38:04 Windows Update
31-01-2018 02:07:07 Windows Update
03-02-2018 12:45:28 Windows Update
04-02-2018 19:00:31 Windows Backup
05-02-2018 23:59:14 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2018 07:11:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/05/2018 04:26:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/05/2018 11:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/05/2018 11:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/05/2018 11:21:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\juergen2\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x80070070).
Error: (02/05/2018 11:14:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/05/2018 09:52:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/04/2018 09:07:07 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
Error: (02/04/2018 12:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MailWasherPro.exe, version: 2017.7.11.5, time stamp: 0x5a24bee9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a4996d4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x86c
Faulting application start time: 0x01d39da754478d4b
Faulting application path: C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: d9c603a5-099d-11e8-bf93-8c89a53586cf
Error: (02/04/2018 12:23:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MailWasherPro.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
at MailWasherPro.Startup.Main(System.String[])
System errors:
=============
Error: (02/06/2018 07:12:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/06/2018 07:12:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bcbus
Error: (02/06/2018 07:12:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.
Error: (02/06/2018 07:10:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
The system cannot find the path specified.
Error: (02/06/2018 12:00:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.
Error: (02/05/2018 04:28:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/05/2018 04:27:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bcbus
Error: (02/05/2018 04:27:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.
Error: (02/05/2018 04:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
The system cannot find the path specified.
Error: (02/05/2018 01:04:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.
CodeIntegrity:
===================================
Date: 2015-11-05 07:09:53.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-11-05 07:09:53.061
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-11-05 07:09:53.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-11-05 07:09:53.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 7793.37 MB
Available physical RAM: 2256.82 MB
Total Virtual: 11887.54 MB
Available Virtual: 5156.29 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:488.18 GB) (Free:179.49 GB) NTFS
Drive d: (neueMaxTor) (Fixed) (Total:443.23 GB) (Free:176.03 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Dritte Externe Teil 1) (Fixed) (Total:351.38 GB) (Free:50.38 GB) NTFS
Drive h: (Poops) (Fixed) (Total:347.16 GB) (Free:24.97 GB) NTFS
Drive i: (PalleMalle) (Fixed) (Total:931.51 GB) (Free:31.45 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:23.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A083BDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7191D59B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.2 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 002EFF55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: AAE66568)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
|
| Themen zu 120 Funde / Logfileauswertung |
| chromium, microsoft essentials |
Baum-Darstellung