Log analysis and evaluation: Computer is becoming slow and constantly wants to run a Java update. Virus found after scan. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Computer is becoming slow and constantly wants to run a Java update. Virus found after scan.

Hello, first of all, many thanks for the detailed instructions!! I have the following problem: Lately my computer has wanted to run at least one Java update every day. At first I thought nothing of it, but then I noticed that the system was becoming noticeably slower. On Sunday I ran a full scan with Avira Free Antivirus, then followed your instructions and created the logs you ask for. The virus scanner found several viruses and moved three into a quarantine folder. Before the scan with "Gemer", however, I uninstalled the virus scanner because I could not deactivate it. This is noted in the history log. Otherwise I hope I followed everything correctly.

The logs look as follows: The Avira Free Antivirus log is in the attachment because of its length. The FRST logs look as follows: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by MarcoD (administrator) on MARCOD-PC on 20-01-2014 08:11:34
Running from C:\Users\MarcoD\Desktop\Defrogger
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1929.1134_x64__8wekyb3d8bbwe\onenoteim.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Users\MarcoD\Desktop\Defrogger\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [jswtrayutil] - "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\Users\MarcoD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heise.de/ct/artikel/Remix-it-2063603.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE62E11B57D5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=ba839e380000000000000015af726f1f
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-10-28]
CHR Extension: (Google Docs) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-28]
CHR Extension: (Google Drive) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-28]
CHR Extension: (YouTube) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-28]
CHR Extension: (Google-Suche) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Google Wallet) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Google Mail) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-20]
==================== Services (Whitelisted) =================
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
U2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
U2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
U2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
U2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906536 2013-10-18] (AnchorFree Inc.)
U3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-10-16] ()
U2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-10-18] ()
U2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307488 2012-10-16] ()
U2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-10-16] (AnchorFree Inc.)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
U1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
U1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-20 08:11 - 2014-01-20 08:11 - 00000000 ____D C:\FRST
2014-01-20 08:09 - 2014-01-20 08:09 - 00000474 _____ C:\Users\MarcoD\Desktop\defogger_disable.log
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 _____ C:\Users\MarcoD\defogger_reenable
2014-01-20 08:07 - 2014-01-20 08:11 - 00000000 ____D C:\Users\MarcoD\Desktop\Defrogger
2014-01-20 07:31 - 2014-01-20 07:31 - 00000000 ____D C:\Users\MarcoD\Desktop\AntivirProtokoll
2014-01-19 20:15 - 2014-01-19 23:07 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsorganisation
2014-01-19 14:24 - 2014-01-19 14:24 - 00296096 _____ C:\WINDOWS\Minidump\011914-17437-01.dmp
2014-01-19 14:07 - 2014-01-19 14:07 - 00292472 _____ C:\WINDOWS\Minidump\011914-17109-01.dmp
2014-01-18 19:28 - 2014-01-18 19:28 - 00296144 _____ C:\WINDOWS\Minidump\011814-18187-01.dmp
2014-01-18 04:50 - 2014-01-18 04:50 - 00296152 _____ C:\WINDOWS\Minidump\011814-17078-01.dmp
2014-01-17 23:34 - 2014-01-19 23:06 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsbetreuung
2014-01-17 17:11 - 2014-01-17 17:11 - 00000000 ___RD C:\Users\MarcoD\Documents\Notes
2014-01-17 15:11 - 2014-01-17 15:11 - 00296152 _____ C:\WINDOWS\Minidump\011714-17296-01.dmp
2014-01-16 11:47 - 2014-01-16 11:47 - 00296120 _____ C:\WINDOWS\Minidump\011614-17062-01.dmp
2014-01-15 17:46 - 2014-01-15 17:46 - 00000000 ____D C:\Users\MarcoD\Desktop\BilderHamburg
2014-01-15 16:31 - 2014-01-15 16:31 - 00000000 ____D C:\Users\MarcoD\Desktop\EmailAdressen
2014-01-15 16:17 - 2014-01-15 16:17 - 00000000 ____D C:\Users\MarcoD\Desktop\Termine
2014-01-15 12:15 - 2014-01-15 12:15 - 00292952 _____ C:\WINDOWS\Minidump\011514-17203-01.dmp
2014-01-15 07:02 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 07:02 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 07:02 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 07:02 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 07:02 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 07:02 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:02 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 07:02 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:02 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 07:02 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 07:02 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 06:59 - 2014-01-15 06:59 - 00000000 ____D C:\Users\MarcoD\Documents\OneNote-Notizbücher
2014-01-15 06:57 - 2014-01-15 06:57 - 00296120 _____ C:\WINDOWS\Minidump\011514-16953-01.dmp
2014-01-14 16:08 - 2014-01-14 16:08 - 00296088 _____ C:\WINDOWS\Minidump\011414-17078-01.dmp
2014-01-14 14:55 - 2014-01-14 14:55 - 00296016 _____ C:\WINDOWS\Minidump\011414-17218-01.dmp
2014-01-14 09:11 - 2014-01-14 09:11 - 00296040 _____ C:\WINDOWS\Minidump\011414-17156-01.dmp
2014-01-13 22:11 - 2014-01-13 22:11 - 01458680 _____ C:\Users\MarcoD\Desktop\Vertretungsplan_pdf - Google Drive.mht
2014-01-13 14:27 - 2014-01-13 14:27 - 00292088 _____ C:\WINDOWS\Minidump\011314-17234-01.dmp
2014-01-13 08:53 - 2014-01-13 08:53 - 00296152 _____ C:\WINDOWS\Minidump\011314-17625-01.dmp
2014-01-12 11:45 - 2014-01-12 11:45 - 00296128 _____ C:\WINDOWS\Minidump\011214-17828-01.dmp
2014-01-11 15:08 - 2014-01-11 15:08 - 00296120 _____ C:\WINDOWS\Minidump\011114-16937-01.dmp
2014-01-11 11:00 - 2014-01-11 11:00 - 00289920 _____ C:\WINDOWS\Minidump\011114-17093-01.dmp
2014-01-10 20:23 - 2014-01-10 20:23 - 00296104 _____ C:\WINDOWS\Minidump\011014-17078-01.dmp
2014-01-10 18:32 - 2014-01-14 18:35 - 00000000 ____D C:\Users\MarcoD\Desktop\LSE Alt
2014-01-10 13:46 - 2014-01-10 13:46 - 00291032 _____ C:\WINDOWS\Minidump\011014-16859-01.dmp
2014-01-10 07:25 - 2014-01-10 07:25 - 00296088 _____ C:\WINDOWS\Minidump\011014-17671-01.dmp
2014-01-10 06:58 - 2014-01-10 06:58 - 00296088 _____ C:\WINDOWS\Minidump\011014-8875-01.dmp
2014-01-09 16:14 - 2014-01-12 19:39 - 00000000 ____D C:\Users\MarcoD\Desktop\KlausurenanHelga
2014-01-09 13:03 - 2014-01-09 13:03 - 00294528 _____ C:\WINDOWS\Minidump\010914-8656-01.dmp
2014-01-07 13:56 - 2014-01-07 13:56 - 00830326 _____ C:\Users\MarcoD\Desktop\Lehrerzimmer Arbeiten und Klausuren Anzahl und Dauer 2013_14_php.mht
2014-01-07 10:25 - 2014-01-07 10:30 - 00000000 ____D C:\Users\MarcoD\Desktop\hp8600
2014-01-04 19:44 - 2014-01-07 14:00 - 00000000 ____D C:\Users\MarcoD\Desktop\Klausur8und11PDFAuswertung
2014-01-04 18:03 - 2014-01-04 18:03 - 00002028 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-04 18:02 - 2014-01-04 18:03 - 06123336 _____ C:\Users\MarcoD\Desktop\HPPSdr.exe
2014-01-04 18:02 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Downloads\HPPSdr.exe
2013-12-31 14:33 - 2013-12-31 14:33 - 00004633 _____ C:\Users\MarcoD\Desktop\AufgabeFlüsse.ggb
==================== One Month Modified Files and Folders =======
2014-01-20 08:11 - 2014-01-20 08:11 - 00000000 ____D C:\FRST
2014-01-20 08:11 - 2014-01-20 08:07 - 00000000 ____D C:\Users\MarcoD\Desktop\Defrogger
2014-01-20 08:09 - 2014-01-20 08:09 - 00000474 _____ C:\Users\MarcoD\Desktop\defogger_disable.log
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 _____ C:\Users\MarcoD\defogger_reenable
2014-01-20 08:09 - 2013-10-26 20:48 - 00000000 ____D C:\Users\MarcoD
2014-01-20 08:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-20 07:39 - 2013-03-28 19:04 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 07:31 - 2014-01-20 07:31 - 00000000 ____D C:\Users\MarcoD\Desktop\AntivirProtokoll
2014-01-20 06:42 - 2013-10-26 20:45 - 01935255 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-20 02:45 - 2013-10-26 21:08 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B21ED4F7-B563-4994-AD1E-7B12D346DC76}
2014-01-19 23:07 - 2014-01-19 20:15 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsorganisation
2014-01-19 23:06 - 2014-01-17 23:34 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsbetreuung
2014-01-19 20:18 - 2013-09-30 05:14 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-19 20:18 - 2013-09-30 04:56 - 00726688 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-19 20:18 - 2013-09-30 04:56 - 00151380 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-19 18:06 - 2013-03-28 18:56 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3059932948-4090955212-1715894310-1001
2014-01-19 17:39 - 2013-03-28 19:04 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 14:25 - 2013-10-26 21:05 - 00000000 __RDO C:\Users\MarcoD\SkyDrive
2014-01-19 14:24 - 2014-01-19 14:24 - 00296096 _____ C:\WINDOWS\Minidump\011914-17437-01.dmp
2014-01-19 14:24 - 2013-11-04 18:14 - 391306265 _____ C:\WINDOWS\MEMORY.DMP
2014-01-19 14:24 - 2013-11-04 18:14 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-19 14:24 - 2013-10-26 20:46 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-19 14:24 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-19 14:07 - 2014-01-19 14:07 - 00292472 _____ C:\WINDOWS\Minidump\011914-17109-01.dmp
2014-01-18 20:41 - 2013-10-02 14:13 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKlasse8d2013
2014-01-18 19:28 - 2014-01-18 19:28 - 00296144 _____ C:\WINDOWS\Minidump\011814-18187-01.dmp
2014-01-18 04:50 - 2014-01-18 04:50 - 00296152 _____ C:\WINDOWS\Minidump\011814-17078-01.dmp
2014-01-18 04:50 - 2013-09-29 20:04 - 00004200 _____ C:\WINDOWS\PFRO.log
2014-01-17 17:11 - 2014-01-17 17:11 - 00000000 ___RD C:\Users\MarcoD\Documents\Notes
2014-01-17 15:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-17 15:11 - 2014-01-17 15:11 - 00296152 _____ C:\WINDOWS\Minidump\011714-17296-01.dmp
2014-01-16 11:59 - 2013-08-22 15:46 - 00348098 _____ C:\WINDOWS\setupact.log
2014-01-16 11:47 - 2014-01-16 11:47 - 00296120 _____ C:\WINDOWS\Minidump\011614-17062-01.dmp
2014-01-15 19:11 - 2013-03-28 21:13 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDII
2014-01-15 18:39 - 2013-07-17 09:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 18:38 - 2013-03-30 12:22 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 17:46 - 2014-01-15 17:46 - 00000000 ____D C:\Users\MarcoD\Desktop\BilderHamburg
2014-01-15 17:24 - 2013-03-28 21:13 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDDateien
2014-01-15 17:08 - 2013-11-10 19:50 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDII1
2014-01-15 17:07 - 2013-09-12 20:35 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheLK2013Q1
2014-01-15 16:52 - 2013-10-02 13:53 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKurseBeginn2013
2014-01-15 16:31 - 2014-01-15 16:31 - 00000000 ____D C:\Users\MarcoD\Desktop\EmailAdressen
2014-01-15 16:17 - 2014-01-15 16:17 - 00000000 ____D C:\Users\MarcoD\Desktop\Termine
2014-01-15 14:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-15 14:46 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-15 13:19 - 2013-03-28 19:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 12:15 - 2014-01-15 12:15 - 00292952 _____ C:\WINDOWS\Minidump\011514-17203-01.dmp
2014-01-15 06:59 - 2014-01-15 06:59 - 00000000 ____D C:\Users\MarcoD\Documents\OneNote-Notizbücher
2014-01-15 06:59 - 2013-03-28 17:08 - 00000000 ___RD C:\Users\MarcoD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 06:57 - 2014-01-15 06:57 - 00296120 _____ C:\WINDOWS\Minidump\011514-16953-01.dmp
2014-01-14 18:35 - 2014-01-10 18:32 - 00000000 ____D C:\Users\MarcoD\Desktop\LSE Alt
2014-01-14 16:08 - 2014-01-14 16:08 - 00296088 _____ C:\WINDOWS\Minidump\011414-17078-01.dmp
2014-01-14 14:55 - 2014-01-14 14:55 - 00296016 _____ C:\WINDOWS\Minidump\011414-17218-01.dmp
2014-01-14 09:11 - 2014-01-14 09:11 - 00296040 _____ C:\WINDOWS\Minidump\011414-17156-01.dmp
2014-01-13 22:11 - 2014-01-13 22:11 - 01458680 _____ C:\Users\MarcoD\Desktop\Vertretungsplan_pdf - Google Drive.mht
2014-01-13 14:27 - 2014-01-13 14:27 - 00292088 _____ C:\WINDOWS\Minidump\011314-17234-01.dmp
2014-01-13 08:53 - 2014-01-13 08:53 - 00296152 _____ C:\WINDOWS\Minidump\011314-17625-01.dmp
2014-01-12 19:39 - 2014-01-09 16:14 - 00000000 ____D C:\Users\MarcoD\Desktop\KlausurenanHelga
2014-01-12 11:45 - 2014-01-12 11:45 - 00296128 _____ C:\WINDOWS\Minidump\011214-17828-01.dmp
2014-01-11 15:08 - 2014-01-11 15:08 - 00296120 _____ C:\WINDOWS\Minidump\011114-16937-01.dmp
2014-01-11 11:00 - 2014-01-11 11:00 - 00289920 _____ C:\WINDOWS\Minidump\011114-17093-01.dmp
2014-01-10 20:23 - 2014-01-10 20:23 - 00296104 _____ C:\WINDOWS\Minidump\011014-17078-01.dmp
2014-01-10 18:23 - 2013-03-28 21:28 - 00000000 ____D C:\Users\MarcoD\Desktop\VERWALTUNG
2014-01-10 18:18 - 2013-12-15 22:27 - 00000000 ____D C:\Users\MarcoD\Desktop\Überstunden
2014-01-10 13:46 - 2014-01-10 13:46 - 00291032 _____ C:\WINDOWS\Minidump\011014-16859-01.dmp
2014-01-10 07:25 - 2014-01-10 07:25 - 00296088 _____ C:\WINDOWS\Minidump\011014-17671-01.dmp
2014-01-10 06:58 - 2014-01-10 06:58 - 00296088 _____ C:\WINDOWS\Minidump\011014-8875-01.dmp
2014-01-09 13:03 - 2014-01-09 13:03 - 00294528 _____ C:\WINDOWS\Minidump\010914-8656-01.dmp
2014-01-07 14:00 - 2014-01-04 19:44 - 00000000 ____D C:\Users\MarcoD\Desktop\Klausur8und11PDFAuswertung
2014-01-07 13:56 - 2014-01-07 13:56 - 00830326 _____ C:\Users\MarcoD\Desktop\Lehrerzimmer Arbeiten und Klausuren Anzahl und Dauer 2013_14_php.mht
2014-01-07 10:30 - 2014-01-07 10:25 - 00000000 ____D C:\Users\MarcoD\Desktop\hp8600
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-04 18:03 - 2014-01-04 18:03 - 00002028 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-04 18:03 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Desktop\HPPSdr.exe
2014-01-04 18:03 - 2013-10-26 20:45 - 00000000 ____D C:\ProgramData\HP
2014-01-04 18:02 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Downloads\HPPSdr.exe
2013-12-31 18:44 - 2013-11-10 19:51 - 00000000 ____D C:\Users\MarcoD\Desktop\BilderII1
2013-12-31 18:44 - 2013-03-28 21:10 - 00000000 ____D C:\Users\MarcoD\Desktop\BILDERII
2013-12-31 14:33 - 2013-12-31 14:33 - 00004633 _____ C:\Users\MarcoD\Desktop\AufgabeFlüsse.ggb
2013-12-30 08:21 - 2013-03-29 02:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\MarcoD\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 14:44
==================== End Of Log ============================
and here is the Addition.txt file: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by MarcoD at 2014-01-20 08:12:27
Running from C:\Users\MarcoD\Desktop\Defrogger
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2949 - APN, LLC)
Bing-Desktop (x32 Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities Solution Menu (x32 Version: - )
Free M4a to MP3 Converter 8.0 (x32 Version: - ManiacTools.com)
GeoGebra 4.2 (x32 Version: 4.2.60.0 - International GeoGebra Institute)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hotspot Shield 3.19 (x32 Version: 3.19 - AnchorFree Inc.)
iCloud (Version: 2.1.2.8 - Apple Inc.)
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.0.3.3 (x32 Version: 4.0.3.3 - The Document Foundation)
Magical Jelly Bean KeyFinder (x32 Version: 2.0.9.8 - Magical Jelly Bean)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
NETGEAR WNA1100 N150 Wireless USB Adapter (x32 Version: 2.1.0.1 - NETGEAR)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Paragon Backup & Recovery™ 2013 Free (x32 Version: 90.00.0003 - Paragon Software)
Texmaker (x32 Version: - )
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Wacom (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2 - Wacom Technology Corp.)
==================== Restore Points =========================
30-12-2013 08:27:12 Geplanter Prüfpunkt
06-01-2014 13:56:13 Geplanter Prüfpunkt
14-01-2014 17:05:13 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B9C09AB-D977-4157-916B-11AFB6989624} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {67810075-9A65-4C08-B5C9-3535F7E2BBE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B4E62DD-59BB-4A30-A7AF-643C5177E50A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A880AA0-861D-496A-A12C-79BAD39AF0A9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-15] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-03-28 20:02 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-12-12 16:01 - 2013-12-12 16:02 - 01656488 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1929.1134_x64__8wekyb3d8bbwe\Office.UI.Xaml.OneNote.dll
2013-12-12 16:01 - 2013-12-12 16:02 - 04902056 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1929.1134_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2013-10-28 17:24 - 2013-10-28 17:23 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-18 23:16 - 2013-10-18 23:16 - 00902952 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-07-13 17:22 - 2012-10-11 12:30 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2013-07-13 17:22 - 2012-10-11 12:28 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\MarcoD\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 3070.18 MB
Available physical RAM: 999.34 MB
Total Pagefile: 6534.82 MB
Available Pagefile: 2727.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:48.74 GB) NTFS
Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:931.41 GB) (Free:87.79 GB) NTFS
Drive k: () (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 1CFB6398)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C07E8AC8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 4 GB) (Disk ID: 6E652072)
No partition Table on disk 6.
==================== End Of Log ============================
Gmer produced the following log after I had disconnected from the Internet and, unfortunately, also uninstalled the virus scanner: Code:
GMER 2.1.19322 - hxxp://www.gmer.net
Rootkit scan 2014-01-20 14:58:23
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 Samsung_SSD_840_Series rev.DXT07B0Q 232,89GB
Running: gmer.exe; Driver: C:\Users\MarcoD\AppData\Local\Temp\uwdyypog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600016f700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600016f710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2584] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffc12cb169a 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2584] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffc12cb16a2 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2584] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffc12cb181a 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2584] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffc12cb1832 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[7592] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffc12cb169a 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[7592] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffc12cb16a2 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[7592] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffc12cb181a 4 bytes [CB, 12, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[7592] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffc12cb1832 4 bytes [CB, 12, FC, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [528:552] fffff960008df4d0
---- Services - GMER 2.1 ----
Service C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (*** hidden *** ) [AUTO] AntiVirSchedulerService <-- ROOTKIT !!!
Service C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (*** hidden *** ) [AUTO] AntiVirService <-- ROOTKIT !!!
Service C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (*** hidden *** ) [AUTO] AntiVirWebService <-- ROOTKIT !!!
Service system32\DRIVERS\avgntflt.sys (*** hidden *** ) [AUTO] avgntflt <-- ROOTKIT !!!
Service system32\DRIVERS\avipbb.sys (*** hidden *** ) [SYSTEM] avipbb <-- ROOTKIT !!!
Service system32\DRIVERS\avkmgr.sys (*** hidden *** ) [SYSTEM] avkmgr <-- ROOTKIT !!!
Service system32\DRIVERS\avnetflt.sys (*** hidden *** ) [AUTO] avnetflt <-- ROOTKIT !!!
Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden *** ) [MANUAL] WinDefend <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{79D4F6F6-A6CF-4C62-9263-466AD3D43182}\Connection@Name isatap.fritz.box
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -745601255
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@ImagePath "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@DisplayName Avira Planer
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@Group NetworkProvider
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService@Description Dienst zur Steuerung von Avira Free Antivirus Pr?fauftr?gen und Updates.
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@ImagePath "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@DisplayName Avira Echtzeit-Scanner
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService@Description Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine.
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@ImagePath "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@DisplayName Avira Browser-Schutz
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@DependOnService AntiVirService?
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService@Description Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine.
Reg HKLM\SYSTEM\CurrentControlSet\Services\AntiVirWebService
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt\Instances\avgntflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt\Instances\avgntflt@Altitude 320500
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt\Instances\avgntflt@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@ImagePath \SystemRoot\system32\DRIVERS\avipbb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@DisplayName avipbb
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@Description Avira Security Enhancement Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@Group Avira
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@DebugFlags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@DependOnService avkmgr
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@AviraRegAcl 0xE7 0x2D 0xA1 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@AviraFileAcl 0xE7 0x2D 0xA1 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb@InternalFlags 81
Reg HKLM\SYSTEM\CurrentControlSet\Services\avipbb
Reg HKLM\SYSTEM\CurrentControlSet\Services\avkmgr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avkmgr
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@ImagePath \SystemRoot\system32\DRIVERS\avnetflt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@DisplayName avnetflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@Description Avira WFP Network Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt@UseInjectThread 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\avnetflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Antivirus@CategoryMessageFile C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Antivirus@EventMessageFile C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Antivirus@TypesSupported 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Antivirus@CategoryCount 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\avgntflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\avgntflt@TypesSupported 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\avgntflt@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\avgntflt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\avgntflt@CategoryCount 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\avgntflt@CategoryMessageFile C:\WINDOWS\SYSTEM32\drivers\avgntflt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{79D4F6F6-A6CF-4C62-9263-466AD3D43182}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{79D4F6F6-A6CF-4C62-9263-466AD3D43182}@DefunctTimestamp 0x17 0x24 0xD8 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2897
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 826
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@Group _Early-Launch
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@ImagePath \SystemRoot\system32\drivers\WdBoot.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdFilter@ImagePath \SystemRoot\system32\drivers\WdFilter.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdFilter@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdFilter
Reg HKLM\SYSTEM\CurrentControlSet\Services\WinDefend@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WinDefend
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore@Count 22689
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore@Blocked 22689
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}\iexplore@Count 28862
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}\iexplore@Blocked 28862
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 22554
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Blocked 22554
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 23269
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Blocked 22689
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count 22554
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Blocked 22554
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014011320140120
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014011320140120@CachePrefix :2014011320140120:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014011320140120@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014011320140120
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014011320140120@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014011320140120@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014011320140120@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0x7B 0xF8 0xE3 0x88 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsBandwidthBucketDrainTime 0x08 0x78 0x75 0xA3 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x35 0x5C 0x45 0x40 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x35 0x5C 0x45 0x40 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 59186
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 246
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x35 0x5C 0x45 0x40 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 256378
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalBandwidthBucketDrainTime 0x27 0x6D 0xB9 0x92 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 246
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x35 0x5C 0x45 0x40 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xC8 0xE7 0x24 0x41 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 60
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\bestofmediagroup.tomshardware_vsk5ceyf850a0-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\booking.com.booking.com_kan823tth5akw-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\BrowserChoice_cw5n1h2txyewy-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\c27eb4ba.dropbox_xbfy0k16fey96-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\checkpoint.vpn_cw5n1h2txyewy-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\energyschweizag.energyradio_j028rhm5gx59m-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\everimagingco.limited.fotor_7mgsahepr4x5w-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\evernote.evernote_q4d96b2w5wcc2-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\f5.vpn.client_cw5n1h2txyewy-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\filemanager_cw5n1h2txyewy-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\idgtechmediagmbh.pc-welt_ks81z24avvce2-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\junipernetworks.junospulsevpn_cw5n1h2txyewy-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingfinance_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingfoodanddrink_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.binghealthandfitness_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingmaps_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingnews_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingsports_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingtravel_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingweather_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.helpandtips_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.media.playreadyclient.2_8wekyb3d8bbwe-0@PendingOperations 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.media.playreadyclient_8wekyb3d8bbwe-0@PendingOperations 0
---- EOF - GMER 2.1 ----
Thank you in advance for any kind of help; I hope I have followed the instructions. Best regards, Marco |
| | #2 |
| /// the machine /// TB-Ausbilder | Computer is getting slow and constantly wants to run a Java update. Virus found after scan. hi,
Please download
Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ |
| | #3 |
| | Computer is getting slow and constantly wants to run a Java update. Virus found after scan. Hello, and many thanks for the super fast and comprehensive reply!!
After the Malwarebytes scan I had to restart the computer, and I received the following log file: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.21.05
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
MarcoD :: MARCOD-PC [Administrator]
Schutz: Aktiviert
21.01.2014 17:36:54
mbam-log-2014-01-21 (17-36-54).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248239
Laufzeit: 5 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Users\MarcoD\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MarcoD\AppData\Roaming\OpenCandy\F16B43DFD28244399CB44BA684132748 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 1
C:\Users\MarcoD\AppData\Roaming\OpenCandy\F16B43DFD28244399CB44BA684132748\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 17:51:57
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro (64 bits)
# Benutzername : MarcoD - MARCOD-PC
# Gestartet von : C:\Users\MarcoD\Desktop\Defrogger\AdwCleaner\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : APNMCP
Dienst Gelöscht : hshld
[#] Dienst Gelöscht : hsstrayservice
Dienst Gelöscht : hsswd
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\hotspot shield
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\hotspot shield
Ordner Gelöscht : C:\Users\MarcoD\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\MarcoD\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\MarcoD\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\MarcoD\AppData\Roaming\hotspot shield
Ordner Gelöscht : C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AskPartnerNetwork
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [4514 octets] - [21/01/2014 17:49:16]
AdwCleaner[S0].txt - [4322 octets] - [21/01/2014 17:51:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4382 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 Pro x64
Ran by MarcoD on 21.01.2014 at 17:57:52,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\MarcoD\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2014 at 18:07:13,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by MarcoD (administrator) on MARCOD-PC on 21-01-2014 18:08:53
Running from C:\Users\MarcoD\Desktop\Defrogger
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1929.1134_x64__8wekyb3d8bbwe\onenoteim.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Thisisu) C:\Users\MarcoD\Desktop\Defrogger\JunkwareRemovalTool\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [jswtrayutil] - "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\Users\MarcoD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heise.de/ct/artikel/Remix-it-2063603.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE62E11B57D5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-28]
CHR Extension: (Google Drive) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-28]
CHR Extension: (YouTube) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-28]
CHR Extension: (Google-Suche) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Google Wallet) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Google Mail) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-28]
==================== Services (Whitelisted) =================
U2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
U2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307488 2012-10-16] ()
U2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-22] (AnchorFree Inc.)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
U1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
U1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 18:07 - 2014-01-21 18:07 - 00000777 _____ C:\Users\MarcoD\Desktop\JRT.txt
2014-01-21 17:57 - 2014-01-21 17:57 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-21 17:49 - 2014-01-21 17:54 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:33 - 2014-01-21 17:33 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\Users\MarcoD\AppData\Roaming\Malwarebytes
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 17:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-20 15:01 - 2013-11-22 00:59 - 00044744 _____ (AnchorFree Inc.) C:\WINDOWS\system32\Drivers\hssdrv6.sys
2014-01-20 08:11 - 2014-01-21 18:08 - 00000000 ____D C:\FRST
2014-01-20 08:09 - 2014-01-20 08:09 - 00000474 _____ C:\Users\MarcoD\Desktop\defogger_disable.log
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 _____ C:\Users\MarcoD\defogger_reenable
2014-01-20 08:07 - 2014-01-21 18:08 - 00000000 ____D C:\Users\MarcoD\Desktop\Defrogger
2014-01-20 07:31 - 2014-01-20 07:31 - 00000000 ____D C:\Users\MarcoD\Desktop\AntivirProtokoll
2014-01-19 20:15 - 2014-01-20 08:34 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsorganisation
2014-01-19 14:24 - 2014-01-19 14:24 - 00296096 _____ C:\WINDOWS\Minidump\011914-17437-01.dmp
2014-01-19 14:07 - 2014-01-19 14:07 - 00292472 _____ C:\WINDOWS\Minidump\011914-17109-01.dmp
2014-01-18 19:28 - 2014-01-18 19:28 - 00296144 _____ C:\WINDOWS\Minidump\011814-18187-01.dmp
2014-01-18 04:50 - 2014-01-18 04:50 - 00296152 _____ C:\WINDOWS\Minidump\011814-17078-01.dmp
2014-01-17 23:34 - 2014-01-20 08:34 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsbetreuung
2014-01-17 17:11 - 2014-01-17 17:11 - 00000000 ___RD C:\Users\MarcoD\Documents\Notes
2014-01-17 15:11 - 2014-01-17 15:11 - 00296152 _____ C:\WINDOWS\Minidump\011714-17296-01.dmp
2014-01-16 11:47 - 2014-01-16 11:47 - 00296120 _____ C:\WINDOWS\Minidump\011614-17062-01.dmp
2014-01-15 17:46 - 2014-01-15 17:46 - 00000000 ____D C:\Users\MarcoD\Desktop\BilderHamburg
2014-01-15 16:31 - 2014-01-15 16:31 - 00000000 ____D C:\Users\MarcoD\Desktop\EmailAdressen
2014-01-15 16:17 - 2014-01-15 16:17 - 00000000 ____D C:\Users\MarcoD\Desktop\Termine
2014-01-15 12:15 - 2014-01-15 12:15 - 00292952 _____ C:\WINDOWS\Minidump\011514-17203-01.dmp
2014-01-15 07:02 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 07:02 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 07:02 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 07:02 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 07:02 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 07:02 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:02 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 07:02 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:02 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 07:02 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 07:02 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 06:59 - 2014-01-15 06:59 - 00000000 ____D C:\Users\MarcoD\Documents\OneNote-Notizbücher
2014-01-15 06:57 - 2014-01-15 06:57 - 00296120 _____ C:\WINDOWS\Minidump\011514-16953-01.dmp
2014-01-14 16:08 - 2014-01-14 16:08 - 00296088 _____ C:\WINDOWS\Minidump\011414-17078-01.dmp
2014-01-14 14:55 - 2014-01-14 14:55 - 00296016 _____ C:\WINDOWS\Minidump\011414-17218-01.dmp
2014-01-14 09:11 - 2014-01-14 09:11 - 00296040 _____ C:\WINDOWS\Minidump\011414-17156-01.dmp
2014-01-13 22:11 - 2014-01-13 22:11 - 01458680 _____ C:\Users\MarcoD\Desktop\Vertretungsplan_pdf - Google Drive.mht
2014-01-13 14:27 - 2014-01-13 14:27 - 00292088 _____ C:\WINDOWS\Minidump\011314-17234-01.dmp
2014-01-13 08:53 - 2014-01-13 08:53 - 00296152 _____ C:\WINDOWS\Minidump\011314-17625-01.dmp
2014-01-12 11:45 - 2014-01-12 11:45 - 00296128 _____ C:\WINDOWS\Minidump\011214-17828-01.dmp
2014-01-11 15:08 - 2014-01-11 15:08 - 00296120 _____ C:\WINDOWS\Minidump\011114-16937-01.dmp
2014-01-11 11:00 - 2014-01-11 11:00 - 00289920 _____ C:\WINDOWS\Minidump\011114-17093-01.dmp
2014-01-10 20:23 - 2014-01-10 20:23 - 00296104 _____ C:\WINDOWS\Minidump\011014-17078-01.dmp
2014-01-10 18:32 - 2014-01-14 18:35 - 00000000 ____D C:\Users\MarcoD\Desktop\LSE Alt
2014-01-10 13:46 - 2014-01-10 13:46 - 00291032 _____ C:\WINDOWS\Minidump\011014-16859-01.dmp
2014-01-10 07:25 - 2014-01-10 07:25 - 00296088 _____ C:\WINDOWS\Minidump\011014-17671-01.dmp
2014-01-10 06:58 - 2014-01-10 06:58 - 00296088 _____ C:\WINDOWS\Minidump\011014-8875-01.dmp
2014-01-09 16:14 - 2014-01-12 19:39 - 00000000 ____D C:\Users\MarcoD\Desktop\KlausurenanHelga
2014-01-09 13:03 - 2014-01-09 13:03 - 00294528 _____ C:\WINDOWS\Minidump\010914-8656-01.dmp
2014-01-07 13:56 - 2014-01-07 13:56 - 00830326 _____ C:\Users\MarcoD\Desktop\Lehrerzimmer Arbeiten und Klausuren Anzahl und Dauer 2013_14_php.mht
2014-01-07 10:25 - 2014-01-07 10:30 - 00000000 ____D C:\Users\MarcoD\Desktop\hp8600
2014-01-04 19:44 - 2014-01-07 14:00 - 00000000 ____D C:\Users\MarcoD\Desktop\Klausur8und11PDFAuswertung
2014-01-04 18:03 - 2014-01-04 18:03 - 00002028 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-04 18:02 - 2014-01-04 18:03 - 06123336 _____ C:\Users\MarcoD\Desktop\HPPSdr.exe
2014-01-04 18:02 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Downloads\HPPSdr.exe
2013-12-31 14:33 - 2013-12-31 14:33 - 00004633 _____ C:\Users\MarcoD\Desktop\AufgabeFlüsse.ggb
==================== One Month Modified Files and Folders =======
2014-01-21 18:08 - 2014-01-20 08:11 - 00000000 ____D C:\FRST
2014-01-21 18:08 - 2014-01-20 08:07 - 00000000 ____D C:\Users\MarcoD\Desktop\Defrogger
2014-01-21 18:07 - 2014-01-21 18:07 - 00000777 _____ C:\Users\MarcoD\Desktop\JRT.txt
2014-01-21 18:07 - 2013-10-26 20:45 - 01180343 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 18:06 - 2013-03-28 18:56 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3059932948-4090955212-1715894310-1001
2014-01-21 18:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-21 17:58 - 2013-09-30 05:14 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-21 17:58 - 2013-09-30 04:56 - 00726688 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-21 17:58 - 2013-09-30 04:56 - 00151380 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-21 17:57 - 2014-01-21 17:57 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-21 17:55 - 2014-01-21 17:49 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:54 - 2013-10-26 21:05 - 00000000 __RDO C:\Users\MarcoD\SkyDrive
2014-01-21 17:54 - 2013-03-28 19:04 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 17:53 - 2013-10-26 20:46 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 17:53 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 17:53 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-21 17:45 - 2013-09-29 20:04 - 00006898 _____ C:\WINDOWS\PFRO.log
2014-01-21 17:39 - 2013-03-28 19:04 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 17:33 - 2014-01-21 17:33 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\Users\MarcoD\AppData\Roaming\Malwarebytes
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 17:30 - 2013-10-26 21:08 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B21ED4F7-B563-4994-AD1E-7B12D346DC76}
2014-01-21 17:28 - 2013-11-21 20:26 - 00000000 ____D C:\Users\MarcoD\Desktop\Klasse7bSport
2014-01-21 16:12 - 2013-10-02 14:13 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKlasse8d2013
2014-01-21 09:16 - 2013-08-22 15:46 - 00348893 _____ C:\WINDOWS\setupact.log
2014-01-20 16:04 - 2013-10-26 20:48 - 00000000 ____D C:\Users\MarcoD
2014-01-20 15:01 - 2013-12-18 14:48 - 00001064 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-01-20 13:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-20 08:34 - 2014-01-19 20:15 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsorganisation
2014-01-20 08:34 - 2014-01-17 23:34 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsbetreuung
2014-01-20 08:09 - 2014-01-20 08:09 - 00000474 _____ C:\Users\MarcoD\Desktop\defogger_disable.log
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 _____ C:\Users\MarcoD\defogger_reenable
2014-01-20 07:31 - 2014-01-20 07:31 - 00000000 ____D C:\Users\MarcoD\Desktop\AntivirProtokoll
2014-01-19 14:24 - 2014-01-19 14:24 - 00296096 _____ C:\WINDOWS\Minidump\011914-17437-01.dmp
2014-01-19 14:24 - 2013-11-04 18:14 - 391306265 _____ C:\WINDOWS\MEMORY.DMP
2014-01-19 14:24 - 2013-11-04 18:14 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-19 14:07 - 2014-01-19 14:07 - 00292472 _____ C:\WINDOWS\Minidump\011914-17109-01.dmp
2014-01-19 08:38 - 2013-03-30 12:35 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 19:28 - 2014-01-18 19:28 - 00296144 _____ C:\WINDOWS\Minidump\011814-18187-01.dmp
2014-01-18 04:50 - 2014-01-18 04:50 - 00296152 _____ C:\WINDOWS\Minidump\011814-17078-01.dmp
2014-01-17 17:11 - 2014-01-17 17:11 - 00000000 ___RD C:\Users\MarcoD\Documents\Notes
2014-01-17 15:11 - 2014-01-17 15:11 - 00296152 _____ C:\WINDOWS\Minidump\011714-17296-01.dmp
2014-01-16 11:47 - 2014-01-16 11:47 - 00296120 _____ C:\WINDOWS\Minidump\011614-17062-01.dmp
2014-01-15 19:11 - 2013-03-28 21:13 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDII
2014-01-15 18:39 - 2013-07-17 09:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 18:38 - 2013-03-30 12:22 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 17:46 - 2014-01-15 17:46 - 00000000 ____D C:\Users\MarcoD\Desktop\BilderHamburg
2014-01-15 17:24 - 2013-03-28 21:13 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDDateien
2014-01-15 17:08 - 2013-11-10 19:50 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDII1
2014-01-15 17:07 - 2013-09-12 20:35 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheLK2013Q1
2014-01-15 16:52 - 2013-10-02 13:53 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKurseBeginn2013
2014-01-15 16:31 - 2014-01-15 16:31 - 00000000 ____D C:\Users\MarcoD\Desktop\EmailAdressen
2014-01-15 16:17 - 2014-01-15 16:17 - 00000000 ____D C:\Users\MarcoD\Desktop\Termine
2014-01-15 14:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-15 13:19 - 2013-03-28 19:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 12:15 - 2014-01-15 12:15 - 00292952 _____ C:\WINDOWS\Minidump\011514-17203-01.dmp
2014-01-15 06:59 - 2014-01-15 06:59 - 00000000 ____D C:\Users\MarcoD\Documents\OneNote-Notizbücher
2014-01-15 06:59 - 2013-03-28 17:08 - 00000000 ___RD C:\Users\MarcoD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 06:57 - 2014-01-15 06:57 - 00296120 _____ C:\WINDOWS\Minidump\011514-16953-01.dmp
2014-01-14 18:35 - 2014-01-10 18:32 - 00000000 ____D C:\Users\MarcoD\Desktop\LSE Alt
2014-01-14 16:08 - 2014-01-14 16:08 - 00296088 _____ C:\WINDOWS\Minidump\011414-17078-01.dmp
2014-01-14 14:55 - 2014-01-14 14:55 - 00296016 _____ C:\WINDOWS\Minidump\011414-17218-01.dmp
2014-01-14 09:11 - 2014-01-14 09:11 - 00296040 _____ C:\WINDOWS\Minidump\011414-17156-01.dmp
2014-01-13 22:11 - 2014-01-13 22:11 - 01458680 _____ C:\Users\MarcoD\Desktop\Vertretungsplan_pdf - Google Drive.mht
2014-01-13 14:27 - 2014-01-13 14:27 - 00292088 _____ C:\WINDOWS\Minidump\011314-17234-01.dmp
2014-01-13 08:53 - 2014-01-13 08:53 - 00296152 _____ C:\WINDOWS\Minidump\011314-17625-01.dmp
2014-01-12 19:39 - 2014-01-09 16:14 - 00000000 ____D C:\Users\MarcoD\Desktop\KlausurenanHelga
2014-01-12 11:45 - 2014-01-12 11:45 - 00296128 _____ C:\WINDOWS\Minidump\011214-17828-01.dmp
2014-01-11 15:08 - 2014-01-11 15:08 - 00296120 _____ C:\WINDOWS\Minidump\011114-16937-01.dmp
2014-01-11 11:00 - 2014-01-11 11:00 - 00289920 _____ C:\WINDOWS\Minidump\011114-17093-01.dmp
2014-01-10 20:23 - 2014-01-10 20:23 - 00296104 _____ C:\WINDOWS\Minidump\011014-17078-01.dmp
2014-01-10 18:23 - 2013-03-28 21:28 - 00000000 ____D C:\Users\MarcoD\Desktop\VERWALTUNG
2014-01-10 18:18 - 2013-12-15 22:27 - 00000000 ____D C:\Users\MarcoD\Desktop\Überstunden
2014-01-10 13:46 - 2014-01-10 13:46 - 00291032 _____ C:\WINDOWS\Minidump\011014-16859-01.dmp
2014-01-10 07:25 - 2014-01-10 07:25 - 00296088 _____ C:\WINDOWS\Minidump\011014-17671-01.dmp
2014-01-10 06:58 - 2014-01-10 06:58 - 00296088 _____ C:\WINDOWS\Minidump\011014-8875-01.dmp
2014-01-09 13:03 - 2014-01-09 13:03 - 00294528 _____ C:\WINDOWS\Minidump\010914-8656-01.dmp
2014-01-07 14:00 - 2014-01-04 19:44 - 00000000 ____D C:\Users\MarcoD\Desktop\Klausur8und11PDFAuswertung
2014-01-07 13:56 - 2014-01-07 13:56 - 00830326 _____ C:\Users\MarcoD\Desktop\Lehrerzimmer Arbeiten und Klausuren Anzahl und Dauer 2013_14_php.mht
2014-01-07 10:30 - 2014-01-07 10:25 - 00000000 ____D C:\Users\MarcoD\Desktop\hp8600
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-04 18:03 - 2014-01-04 18:03 - 00002028 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-04 18:03 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Desktop\HPPSdr.exe
2014-01-04 18:03 - 2013-10-26 20:45 - 00000000 ____D C:\ProgramData\HP
2014-01-04 18:02 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Downloads\HPPSdr.exe
2013-12-31 18:44 - 2013-11-10 19:51 - 00000000 ____D C:\Users\MarcoD\Desktop\BilderII1
2013-12-31 18:44 - 2013-03-28 21:10 - 00000000 ____D C:\Users\MarcoD\Desktop\BILDERII
2013-12-31 14:33 - 2013-12-31 14:33 - 00004633 _____ C:\Users\MarcoD\Desktop\AufgabeFlüsse.ggb
2013-12-30 08:21 - 2013-03-29 02:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\MarcoD\AppData\Local\Temp\avgnt.exe
C:\Users\MarcoD\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-21 10:34
==================== End Of Log ============================
During one of the scans a window opened again in which a Java update was supposed to be started. I closed the window with the [x] at the top right. Was that correct? And I have one more question. I still have backups of the desktop on an external hard drive. How should I examine these - or is the system drive more important for now? Thanks again for the quick and very detailed answer!!! Best regards, Marco |
| | #4 |
| /// the machine /// TB-Ausbilder | We'll take care of that now with the online scan: ESET Online Scanner
Please download
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #5 |
| | Great - a thousand thanks again!!! ESET showed the following: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9679a2fbb2c2d74b8ed804b26a629ab4
# engine=16757
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-23 06:23:21
# local_time=2014-01-23 07:23:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 94 48332 3876363 41082 0
# compatibility_mode=5893 16776574 100 94 136600 13291903 0 0
# scanned=831338
# found=2
# cleaned=0
# scan_time=29745
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="F:\Users\Marco\AppData\Local\Temp\OptimizerPro.exe"
sh=4269068273E12D4AEDE73C65A01CF92F621687F9 ft=1 fh=004f691db4ff12d1 vn="a variant of Win32/AdWare.PricePeep.A application" ac=I fn="F:\Users\Marco\AppData\Local\Temp\pricepeep_130001_1001.exe"
Code:
Results of screen317's Security Check version 0.99.79
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Java version out of Date!
Adobe Reader XI
Mozilla Thunderbird (24.2.0)
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
And FRST produced this output in the log file: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by MarcoD (administrator) on MARCOD-PC on 23-01-2014 12:52:56
Running from C:\Users\MarcoD\Desktop\Defrogger
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN LLC.) C:\Users\MarcoD\AppData\Local\VNT\vntldr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1929.1134_x64__8wekyb3d8bbwe\onenoteim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [jswtrayutil] - "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKLM-x32\...\RunOnce: [PIP] - C:\Users\MarcoD\AppData\Local\Temp\Offercast_AVIRAV7_.exe -pid AVIRAV7 -rebootRetry [1326512 2013-12-09] (Ask.com)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\Users\MarcoD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heise.de/ct/artikel/Remix-it-2063603.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE62E11B57D5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-28]
CHR Extension: (Google Drive) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-28]
CHR Extension: (YouTube) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-28]
CHR Extension: (Google-Suche) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Google Wallet) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm [2014-01-22]
CHR Extension: (Google Mail) - C:\Users\MarcoD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-28]
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2013-12-20]
==================== Services (Whitelisted) =================
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
U2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
U2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
U2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
U2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307488 2012-10-16] ()
U2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-22] (AnchorFree Inc.)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
U1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
U1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-23 12:50 - 2014-01-23 12:50 - 00987425 _____ C:\Users\MarcoD\Downloads\SecurityCheck (1).exe
2014-01-23 12:49 - 2014-01-23 12:49 - 00987425 _____ C:\Users\MarcoD\Downloads\SecurityCheck.exe
2014-01-22 23:05 - 2014-01-22 23:05 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-22 15:49 - 2014-01-22 15:49 - 00000000 ____D C:\Users\MarcoD\AppData\Local\AskPartnerNetwork
2014-01-22 06:57 - 2014-01-22 06:57 - 00000000 ____D C:\Users\MarcoD\AppData\Local\VNT
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\Users\MarcoD\AppData\Roaming\Avira
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\ProgramData\APN
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\Program Files (x86)\VNT
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2014-01-22 06:56 - 2013-10-04 22:50 - 00509872 _____ (Ask Partner Network) C:\Users\MarcoD\Documents\APNSetup.exe
2014-01-22 06:55 - 2014-01-22 06:55 - 00002086 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-22 06:55 - 2014-01-22 06:55 - 00000000 ____D C:\ProgramData\Avira
2014-01-22 06:55 - 2014-01-22 06:55 - 00000000 ____D C:\Program Files (x86)\Avira
2014-01-22 06:55 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-22 06:55 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-01-22 06:55 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-01-22 06:55 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-01-21 20:45 - 2014-01-21 20:45 - 00082744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.1390333558
2014-01-21 18:07 - 2014-01-21 18:07 - 00000777 _____ C:\Users\MarcoD\Desktop\JRT.txt
2014-01-21 17:57 - 2014-01-21 17:57 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-21 17:49 - 2014-01-21 17:55 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\Users\MarcoD\AppData\Roaming\Malwarebytes
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 15:01 - 2013-11-22 00:59 - 00044744 _____ (AnchorFree Inc.) C:\WINDOWS\system32\Drivers\hssdrv6.sys
2014-01-20 08:11 - 2014-01-21 18:08 - 00000000 ____D C:\FRST
2014-01-20 08:09 - 2014-01-20 08:09 - 00000474 _____ C:\Users\MarcoD\Desktop\defogger_disable.log
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 _____ C:\Users\MarcoD\defogger_reenable
2014-01-20 08:07 - 2014-01-23 12:52 - 00000000 ____D C:\Users\MarcoD\Desktop\Defrogger
2014-01-20 07:31 - 2014-01-20 07:31 - 00000000 ____D C:\Users\MarcoD\Desktop\AntivirProtokoll
2014-01-19 20:15 - 2014-01-21 22:23 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsorganisation
2014-01-19 14:24 - 2014-01-19 14:24 - 00296096 _____ C:\WINDOWS\Minidump\011914-17437-01.dmp
2014-01-19 14:07 - 2014-01-19 14:07 - 00292472 _____ C:\WINDOWS\Minidump\011914-17109-01.dmp
2014-01-18 19:28 - 2014-01-18 19:28 - 00296144 _____ C:\WINDOWS\Minidump\011814-18187-01.dmp
2014-01-18 04:50 - 2014-01-18 04:50 - 00296152 _____ C:\WINDOWS\Minidump\011814-17078-01.dmp
2014-01-17 17:11 - 2014-01-17 17:11 - 00000000 ___RD C:\Users\MarcoD\Documents\Notes
2014-01-17 15:11 - 2014-01-17 15:11 - 00296152 _____ C:\WINDOWS\Minidump\011714-17296-01.dmp
2014-01-16 11:47 - 2014-01-16 11:47 - 00296120 _____ C:\WINDOWS\Minidump\011614-17062-01.dmp
2014-01-15 12:15 - 2014-01-15 12:15 - 00292952 _____ C:\WINDOWS\Minidump\011514-17203-01.dmp
2014-01-15 07:02 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 07:02 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 07:02 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 07:02 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 07:02 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 07:02 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:02 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 07:02 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 07:02 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 07:02 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 07:02 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 06:59 - 2014-01-15 06:59 - 00000000 ____D C:\Users\MarcoD\Documents\OneNote-Notizbücher
2014-01-15 06:57 - 2014-01-15 06:57 - 00296120 _____ C:\WINDOWS\Minidump\011514-16953-01.dmp
2014-01-14 16:08 - 2014-01-14 16:08 - 00296088 _____ C:\WINDOWS\Minidump\011414-17078-01.dmp
2014-01-14 14:55 - 2014-01-14 14:55 - 00296016 _____ C:\WINDOWS\Minidump\011414-17218-01.dmp
2014-01-14 09:11 - 2014-01-14 09:11 - 00296040 _____ C:\WINDOWS\Minidump\011414-17156-01.dmp
2014-01-13 22:11 - 2014-01-13 22:11 - 01458680 _____ C:\Users\MarcoD\Desktop\Vertretungsplan_pdf - Google Drive.mht
2014-01-13 14:27 - 2014-01-13 14:27 - 00292088 _____ C:\WINDOWS\Minidump\011314-17234-01.dmp
2014-01-13 08:53 - 2014-01-13 08:53 - 00296152 _____ C:\WINDOWS\Minidump\011314-17625-01.dmp
2014-01-12 11:45 - 2014-01-12 11:45 - 00296128 _____ C:\WINDOWS\Minidump\011214-17828-01.dmp
2014-01-11 15:08 - 2014-01-11 15:08 - 00296120 _____ C:\WINDOWS\Minidump\011114-16937-01.dmp
2014-01-11 11:00 - 2014-01-11 11:00 - 00289920 _____ C:\WINDOWS\Minidump\011114-17093-01.dmp
2014-01-10 20:23 - 2014-01-10 20:23 - 00296104 _____ C:\WINDOWS\Minidump\011014-17078-01.dmp
2014-01-10 13:46 - 2014-01-10 13:46 - 00291032 _____ C:\WINDOWS\Minidump\011014-16859-01.dmp
2014-01-10 07:25 - 2014-01-10 07:25 - 00296088 _____ C:\WINDOWS\Minidump\011014-17671-01.dmp
2014-01-10 06:58 - 2014-01-10 06:58 - 00296088 _____ C:\WINDOWS\Minidump\011014-8875-01.dmp
2014-01-09 13:03 - 2014-01-09 13:03 - 00294528 _____ C:\WINDOWS\Minidump\010914-8656-01.dmp
2014-01-07 13:56 - 2014-01-07 13:56 - 00830326 _____ C:\Users\MarcoD\Desktop\Lehrerzimmer Arbeiten und Klausuren Anzahl und Dauer 2013_14_php.mht
2014-01-07 10:25 - 2014-01-07 10:30 - 00000000 ____D C:\Users\MarcoD\Desktop\hp8600
2014-01-04 19:44 - 2014-01-07 14:00 - 00000000 ____D C:\Users\MarcoD\Desktop\Klausur8und11PDFAuswertung
2014-01-04 18:03 - 2014-01-04 18:03 - 00002028 _____ C:\Users\MarcoD\Downloads\HP Print and Scan Doctor.lnk
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-04 18:02 - 2014-01-04 18:03 - 06123336 _____ C:\Users\MarcoD\Downloads\HPPSdr.exe
==================== One Month Modified Files and Folders =======
2014-01-23 12:52 - 2014-01-20 08:07 - 00000000 ____D C:\Users\MarcoD\Desktop\Defrogger
2014-01-23 12:50 - 2014-01-23 12:50 - 00987425 _____ C:\Users\MarcoD\Downloads\SecurityCheck (1).exe
2014-01-23 12:50 - 2013-10-26 21:08 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B21ED4F7-B563-4994-AD1E-7B12D346DC76}
2014-01-23 12:49 - 2014-01-23 12:49 - 00987425 _____ C:\Users\MarcoD\Downloads\SecurityCheck.exe
2014-01-23 12:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-23 07:31 - 2013-03-28 18:56 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3059932948-4090955212-1715894310-1001
2014-01-23 07:24 - 2013-10-26 20:45 - 01325675 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 06:39 - 2013-03-28 19:04 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 02:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-22 23:05 - 2014-01-22 23:05 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-22 21:35 - 2013-10-02 14:13 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKlasse8d2013
2014-01-22 17:39 - 2013-03-28 19:04 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 15:49 - 2014-01-22 15:49 - 00000000 ____D C:\Users\MarcoD\AppData\Local\AskPartnerNetwork
2014-01-22 06:57 - 2014-01-22 06:57 - 00000000 ____D C:\Users\MarcoD\AppData\Local\VNT
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\Users\MarcoD\AppData\Roaming\Avira
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\ProgramData\APN
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\Program Files (x86)\VNT
2014-01-22 06:56 - 2014-01-22 06:56 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2014-01-22 06:55 - 2014-01-22 06:55 - 00002086 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-22 06:55 - 2014-01-22 06:55 - 00000000 ____D C:\ProgramData\Avira
2014-01-22 06:55 - 2014-01-22 06:55 - 00000000 ____D C:\Program Files (x86)\Avira
2014-01-22 06:53 - 2013-09-30 05:14 - 01686150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-22 06:53 - 2013-09-30 04:56 - 00726688 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-22 06:53 - 2013-09-30 04:56 - 00151380 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-22 06:49 - 2013-10-26 21:05 - 00000000 __RDO C:\Users\MarcoD\SkyDrive
2014-01-22 06:47 - 2013-10-26 20:46 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-22 06:47 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-22 06:46 - 2013-09-29 20:04 - 00340140 _____ C:\WINDOWS\PFRO.log
2014-01-22 06:46 - 2013-03-30 12:46 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-22 06:45 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-21 22:50 - 2013-09-04 06:09 - 00000000 ____D C:\Users\MarcoD\Desktop\Schnittpunkt Parabel, Gerade-Dateien
2014-01-21 22:49 - 2013-09-05 15:13 - 00000000 ____D C:\Users\MarcoD\Desktop\Mathe10EFm4
2014-01-21 22:48 - 2013-03-28 21:28 - 00000000 ____D C:\Users\MarcoD\Desktop\VERWALTUNG
2014-01-21 22:46 - 2013-09-12 20:35 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheLK2013Q1
2014-01-21 22:46 - 2013-03-28 21:13 - 00000000 ____D C:\Users\MarcoD\Desktop\KlausurenHelga2011
2014-01-21 22:46 - 2013-03-28 21:10 - 00000000 ____D C:\Users\MarcoD\Desktop\BILDERI
2014-01-21 22:44 - 2013-03-28 21:23 - 00000000 ____D C:\Users\MarcoD\Desktop\photobooth
2014-01-21 22:23 - 2014-01-19 20:15 - 00000000 ____D C:\Users\MarcoD\Desktop\Praktikumsorganisation
2014-01-21 22:23 - 2013-08-22 15:46 - 00349688 _____ C:\WINDOWS\setupact.log
2014-01-21 20:45 - 2014-01-21 20:45 - 00082744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.1390333558
2014-01-21 20:41 - 2013-09-08 17:06 - 00000000 ____D C:\Users\MarcoD\Desktop\AnnetteOrga2013u14
2014-01-21 20:41 - 2013-03-29 20:59 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKLASSEN
2014-01-21 20:37 - 2013-03-28 21:29 - 00000000 ____D C:\Users\MarcoD\Desktop\STICKS
2014-01-21 20:37 - 2013-03-28 21:23 - 00000000 ____D C:\Users\MarcoD\Desktop\PDFI
2014-01-21 20:37 - 2013-03-28 21:13 - 00000000 ____D C:\Users\MarcoD\Desktop\WORDDateien
2014-01-21 18:08 - 2014-01-20 08:11 - 00000000 ____D C:\FRST
2014-01-21 18:07 - 2014-01-21 18:07 - 00000777 _____ C:\Users\MarcoD\Desktop\JRT.txt
2014-01-21 17:57 - 2014-01-21 17:57 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-21 17:55 - 2014-01-21 17:49 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\Users\MarcoD\AppData\Roaming\Malwarebytes
2014-01-21 17:33 - 2014-01-21 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 17:28 - 2013-11-21 20:26 - 00000000 ____D C:\Users\MarcoD\Desktop\Klasse7bSport
2014-01-20 16:04 - 2013-10-26 20:48 - 00000000 ____D C:\Users\MarcoD
2014-01-20 15:01 - 2013-12-18 14:48 - 00001064 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-01-20 08:09 - 2014-01-20 08:09 - 00000474 _____ C:\Users\MarcoD\Desktop\defogger_disable.log
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 _____ C:\Users\MarcoD\defogger_reenable
2014-01-20 07:31 - 2014-01-20 07:31 - 00000000 ____D C:\Users\MarcoD\Desktop\AntivirProtokoll
2014-01-19 14:24 - 2014-01-19 14:24 - 00296096 _____ C:\WINDOWS\Minidump\011914-17437-01.dmp
2014-01-19 14:24 - 2013-11-04 18:14 - 391306265 _____ C:\WINDOWS\MEMORY.DMP
2014-01-19 14:24 - 2013-11-04 18:14 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-19 14:07 - 2014-01-19 14:07 - 00292472 _____ C:\WINDOWS\Minidump\011914-17109-01.dmp
2014-01-19 08:38 - 2013-03-30 12:35 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 19:28 - 2014-01-18 19:28 - 00296144 _____ C:\WINDOWS\Minidump\011814-18187-01.dmp
2014-01-18 04:50 - 2014-01-18 04:50 - 00296152 _____ C:\WINDOWS\Minidump\011814-17078-01.dmp
2014-01-17 17:11 - 2014-01-17 17:11 - 00000000 ___RD C:\Users\MarcoD\Documents\Notes
2014-01-17 15:11 - 2014-01-17 15:11 - 00296152 _____ C:\WINDOWS\Minidump\011714-17296-01.dmp
2014-01-16 11:47 - 2014-01-16 11:47 - 00296120 _____ C:\WINDOWS\Minidump\011614-17062-01.dmp
2014-01-15 18:39 - 2013-07-17 09:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 18:38 - 2013-03-30 12:22 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 16:52 - 2013-10-02 13:53 - 00000000 ____D C:\Users\MarcoD\Desktop\MatheKurseBeginn2013
2014-01-15 14:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-15 13:19 - 2013-03-28 19:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 12:15 - 2014-01-15 12:15 - 00292952 _____ C:\WINDOWS\Minidump\011514-17203-01.dmp
2014-01-15 06:59 - 2014-01-15 06:59 - 00000000 ____D C:\Users\MarcoD\Documents\OneNote-Notizbücher
2014-01-15 06:59 - 2013-03-28 17:08 - 00000000 ___RD C:\Users\MarcoD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 06:57 - 2014-01-15 06:57 - 00296120 _____ C:\WINDOWS\Minidump\011514-16953-01.dmp
2014-01-14 16:08 - 2014-01-14 16:08 - 00296088 _____ C:\WINDOWS\Minidump\011414-17078-01.dmp
2014-01-14 14:55 - 2014-01-14 14:55 - 00296016 _____ C:\WINDOWS\Minidump\011414-17218-01.dmp
2014-01-14 09:11 - 2014-01-14 09:11 - 00296040 _____ C:\WINDOWS\Minidump\011414-17156-01.dmp
2014-01-13 22:11 - 2014-01-13 22:11 - 01458680 _____ C:\Users\MarcoD\Desktop\Vertretungsplan_pdf - Google Drive.mht
2014-01-13 14:27 - 2014-01-13 14:27 - 00292088 _____ C:\WINDOWS\Minidump\011314-17234-01.dmp
2014-01-13 08:53 - 2014-01-13 08:53 - 00296152 _____ C:\WINDOWS\Minidump\011314-17625-01.dmp
2014-01-12 11:45 - 2014-01-12 11:45 - 00296128 _____ C:\WINDOWS\Minidump\011214-17828-01.dmp
2014-01-11 15:08 - 2014-01-11 15:08 - 00296120 _____ C:\WINDOWS\Minidump\011114-16937-01.dmp
2014-01-11 11:00 - 2014-01-11 11:00 - 00289920 _____ C:\WINDOWS\Minidump\011114-17093-01.dmp
2014-01-10 20:23 - 2014-01-10 20:23 - 00296104 _____ C:\WINDOWS\Minidump\011014-17078-01.dmp
2014-01-10 13:46 - 2014-01-10 13:46 - 00291032 _____ C:\WINDOWS\Minidump\011014-16859-01.dmp
2014-01-10 07:25 - 2014-01-10 07:25 - 00296088 _____ C:\WINDOWS\Minidump\011014-17671-01.dmp
2014-01-10 06:58 - 2014-01-10 06:58 - 00296088 _____ C:\WINDOWS\Minidump\011014-8875-01.dmp
2014-01-09 13:03 - 2014-01-09 13:03 - 00294528 _____ C:\WINDOWS\Minidump\010914-8656-01.dmp
2014-01-07 14:00 - 2014-01-04 19:44 - 00000000 ____D C:\Users\MarcoD\Desktop\Klausur8und11PDFAuswertung
2014-01-07 13:56 - 2014-01-07 13:56 - 00830326 _____ C:\Users\MarcoD\Desktop\Lehrerzimmer Arbeiten und Klausuren Anzahl und Dauer 2013_14_php.mht
2014-01-07 10:30 - 2014-01-07 10:25 - 00000000 ____D C:\Users\MarcoD\Desktop\hp8600
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-04 18:03 - 2014-01-04 18:03 - 00002028 _____ C:\Users\MarcoD\Downloads\HP Print and Scan Doctor.lnk
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-04 18:03 - 2014-01-04 18:02 - 06123336 _____ C:\Users\MarcoD\Downloads\HPPSdr.exe
2014-01-04 18:03 - 2013-10-26 20:45 - 00000000 ____D C:\ProgramData\HP
2013-12-30 08:21 - 2013-03-29 02:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\MarcoD\AppData\Local\Temp\avgnt.exe
C:\Users\MarcoD\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\MarcoD\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-22 07:08
==================== End Of Log ============================
ESET apparently found something. The scans took a while because I ran another check with the virus scanner beforehand. Thank you very much!!!! Marco |
| | #6 |
| /// the machine /// TB-Ausbilder | Update Java. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
| | #7 |
| | Hello, I can only say thank you!! However, I don't know whether I used Defrogger correctly. After re-enable, the same window came right back. Or was something else supposed to appear then? And was the Internet allowed to be enabled again at that point? I will restart my system now and follow your tips! You really are a huge help! What are you studying on the side, if I may ask, or where do you work? Best regards, Marco |
| | #8 |
| /// the machine /// TB-Ausbilder | I'm studying computer science, but only on the side, for fun so to speak. Yes, Defogger is fine like that. You're welcome.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |