Pests of all kinds and how to fight them: Caught a Trojan?


 
15.05.2015, 11:17   #1
Erlu

Caught a Trojan?



Since my computer has crashed suddenly several times over the last few days, and the Task Manager intermittently showed high CPU usage that I could not explain, I am not sure whether I have caught a Trojan or something similar!

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 02
Ran by Ernst (administrator) on ELINEU on 15-05-2015 11:09:57
Running from C:\Users\Ernst\Desktop
Loaded Profiles: Ernst & UpdatusUser (Available profiles: Ernst & UpdatusUser & Administrator & Gast)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Aladdin Knowledge Systems, Ltd.) C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Users\Ernst\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\GUI\GDSC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3539214255-4280287789-3925056074-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [InfoCockpit] => C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-11-16] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-03-26]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk [2015-03-26]
ShortcutTarget: PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1431531089&z=bd607f37b871b2474648360g8zbc1gew9c5g6e7bfm&from=wpc&uid=395049983_1052451_74975161&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1431531089&z=bd607f37b871b2474648360g8zbc1gew9c5g6e7bfm&from=wpc&uid=395049983_1052451_74975161&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1431531089&z=bd607f37b871b2474648360g8zbc1gew9c5g6e7bfm&from=wpc&uid=395049983_1052451_74975161&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000 -> {55A9FE75-E6CD-439D-8012-65202831D22F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-02] (Oracle Corporation)
BHO: WOT -> {9E571C81-21E7-496B-9E6B-127E60263022} -> C:\Users\Ernst\AppData\LocalLow\WOT\IE\WOT.dll [2012-01-12] (WOT Services Oy)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-02] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2007-11-07] (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.33.2

FireFox:
========
FF ProfilePath: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default
FF DefaultSearchEngine: mystartsearch
FF SearchEngineOrder.2: 
FF SelectedSearchEngine: mystartsearch
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll [2012-04-25] (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\englische-ergebnisse.xml [2012-08-12]
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\gmx-suche.xml [2012-08-12]
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\google-images.xml [2014-09-21]
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\google-maps.xml [2014-09-21]
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\lastminute.xml [2012-08-12]
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\webde-suche.xml [2012-08-12]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2011-01-18]
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\extensions\searchffv2@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-23]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Ernst\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [764552 2010-12-11] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-02-01] (Acronis)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 eTSrv; C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [7168 2008-11-03] (Aladdin Knowledge Systems, Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Ernst\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [34472 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-09-04] (AVG Technologies)
S3 DCamUSBTP10; C:\Windows\System32\Drivers\iP293x.sys [246272 2008-10-30] (iPassion Technology Inc.) [File not signed]
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
U0 gcvgj; C:\Windows\System32\drivers\xgpnfb.sys [52440 2015-05-15] (Malwarebytes Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2015-03-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2015-03-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2015-03-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-03-16] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-03-16] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2015-03-16] (G Data Software AG)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-15] (Malwarebytes Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2014-08-25] (Audials AG)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-11-27] (RapidSolution Software AG)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [27648 2010-04-29] (Acronis) [File not signed]
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [32000 2010-04-16] (ZOOM)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Ernst\AppData\Local\Temp\catchme.sys [X]
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [X]
S3 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 11:09 - 2015-05-15 11:10 - 00020056 _____ () C:\Users\Ernst\Desktop\FRST.txt
2015-05-15 11:09 - 2015-05-15 11:10 - 00000000 ____D () C:\FRST
2015-05-15 11:09 - 2015-05-15 11:09 - 00000446 _____ () C:\Users\Ernst\Desktop\defogger_disable.log
2015-05-15 11:09 - 2015-05-15 11:09 - 00000000 _____ () C:\Users\Ernst\defogger_reenable
2015-05-15 08:55 - 2015-05-15 08:55 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xgpnfb.sys
2015-05-15 07:58 - 2015-05-15 07:58 - 00380416 _____ () C:\Users\Ernst\Desktop\Gmer-19357.exe
2015-05-15 07:56 - 2015-05-15 07:56 - 01145856 _____ (Farbar) C:\Users\Ernst\Desktop\FRST.exe
2015-05-15 07:55 - 2015-05-15 07:55 - 00050477 _____ () C:\Users\Ernst\Desktop\Defogger.exe
2015-05-14 14:45 - 2015-05-15 10:44 - 00091082 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 14:43 - 2015-05-14 19:28 - 00000112 _____ () C:\Windows\setupact.log
2015-05-14 14:43 - 2015-05-14 14:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 14:42 - 2015-05-14 14:42 - 00567896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 14:42 - 2015-05-14 14:42 - 00002700 _____ () C:\Windows\PFRO.log
2015-05-14 14:03 - 2015-05-14 14:03 - 00182064 _____ () C:\Users\Ernst\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 10:24 - 2015-05-14 10:24 - 00000000 ____D () C:\Program Files\Doblon
2015-05-14 03:36 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:30 - 2015-05-15 07:41 - 00000000 ____D () C:\Program Files\Quick Login for Google Accounts
2015-05-13 17:30 - 2015-05-15 07:41 - 00000000 ____D () C:\Program Files\PriceMinus
2015-05-13 17:30 - 2015-05-15 07:40 - 00000000 ____D () C:\Program Files\PriicEEMiNus
2015-05-13 17:30 - 2015-05-15 07:40 - 00000000 ____D () C:\Program Files\bestadblocker
2015-05-13 17:30 - 2015-05-13 17:30 - 00000000 ____D () C:\ProgramData\6739778865081373131
2015-05-13 17:28 - 2015-05-15 05:28 - 00000324 ____N () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-05-13 17:28 - 2015-05-14 19:22 - 00000000 ____D () C:\ProgramData\{f3467395-93d6-35df-f346-6739593dce56}
2015-05-13 13:30 - 2015-05-13 17:12 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\MediaMonkey
2015-05-13 13:30 - 2015-05-13 13:30 - 00000000 ____D () C:\Users\Ernst\AppData\Local\MediaMonkey
2015-05-13 08:15 - 2015-05-14 10:15 - 00000000 ____D () C:\Program Files\Karaoke5
2015-05-13 07:43 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 07:43 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:43 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 07:43 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:43 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:43 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 07:43 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 07:43 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:43 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 07:43 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:43 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:43 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 07:43 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:43 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:43 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:43 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 07:43 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 07:43 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:43 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:43 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:43 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 07:43 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:43 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:43 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:43 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:43 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 07:43 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:43 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 07:43 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:43 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:43 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:43 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 07:42 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-13 07:42 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 07:42 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:42 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 07:42 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 07:42 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 07:42 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 07:42 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 07:42 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 07:42 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 07:42 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 07:42 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 07:42 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 07:42 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 07:42 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 07:42 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 07:42 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 07:42 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 07:42 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 07:42 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 07:42 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 07:42 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 07:42 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 07:41 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 07:41 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 07:41 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 07:36 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 07:36 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 07:36 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 07:36 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 07:32 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 07:32 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 07:32 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 14:41 - 2015-05-12 14:45 - 00000000 ____D () C:\Users\Ernst\Desktop\2015-05-12
2015-05-10 18:11 - 2015-05-10 18:11 - 00003549 _____ () C:\Users\Ernst\Documents\chrofreizeitfulda2015.nra
2015-05-10 08:46 - 2015-05-10 08:51 - 00000000 ____D () C:\Users\Ernst\Desktop\2015-05-10
2015-05-07 14:31 - 2015-05-07 14:31 - 00000000 ____D () C:\Users\Ernst\.chili
2015-05-03 10:27 - 2015-05-03 10:29 - 218207212 _____ () C:\Users\Ernst\Downloads\Med7v801(2).exe
2015-05-02 20:26 - 2015-05-02 20:26 - 23308160 _____ (TomTom International B.V.) C:\Users\Ernst\Downloads\InstallMyDriveConnect.exe
2015-04-30 20:40 - 2015-04-30 20:40 - 00000000 ____D () C:\med7BDT
2015-04-30 13:31 - 2015-04-30 13:31 - 28995288 _____ (DVDVideoSoft Ltd. ) C:\Users\Ernst\Downloads\FreeAudioCDToMP3Converter.exe
2015-04-25 09:33 - 2015-04-25 09:35 - 219637741 _____ () C:\Users\Ernst\Downloads\Med7v801(1).exe
2015-04-23 14:45 - 2015-05-14 11:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 07:45 - 2015-04-22 07:46 - 39074536 _____ (Microsoft Corporation) C:\Users\Ernst\Downloads\FileFormatConverters.exe
2015-04-18 07:20 - 2015-04-18 07:23 - 219637741 _____ () C:\Users\Ernst\Downloads\Med7v801.exe
2015-04-18 07:01 - 2015-04-18 07:10 - 816849717 _____ () C:\Users\Ernst\Downloads\MMI_PHARMINDEX_2015_Q2_20150315_17.1.0.exe
2015-04-16 16:43 - 2015-04-16 16:43 - 00001016 _____ () C:\Users\Ernst\Desktop\MMI PHARMINDEX.lnk
2015-04-16 03:09 - 2015-05-14 03:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 17:54 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 17:54 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 17:54 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 17:54 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 17:54 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 17:54 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 17:54 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 17:54 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 17:54 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 17:54 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 17:53 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 17:51 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 17:51 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 17:51 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 17:51 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 17:51 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 17:51 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 11:09 - 2010-01-16 14:40 - 00000000 ____D () C:\Users\Ernst
2015-05-15 08:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2015-05-15 07:45 - 2015-03-10 21:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 07:30 - 2011-01-08 10:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 06:57 - 2012-09-23 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 03:30 - 2011-01-08 10:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 22:03 - 2014-10-01 14:23 - 00000000 ____D () C:\Windows\rescache
2015-05-14 19:36 - 2009-07-14 06:34 - 00023168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 19:36 - 2009-07-14 06:34 - 00023168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 19:29 - 2015-03-21 11:14 - 00000266 _____ () C:\Windows\Tasks\AbelssoftPreloader.job
2015-05-14 19:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-14 14:24 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 13:55 - 2013-09-14 12:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 12:01 - 2015-04-02 18:31 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-14 12:01 - 2013-11-04 14:46 - 00000000 ____D () C:\Users\Ernst\AppData\Local\Help
2015-05-14 12:01 - 2011-08-22 16:37 - 00000000 ____D () C:\ProgramData\tmp
2015-05-14 12:01 - 2010-05-06 13:32 - 00000000 ____D () C:\temp
2015-05-14 12:01 - 2010-03-16 23:02 - 00000000 ____D () C:\Program Files\iPhoto Plus 4
2015-05-14 12:01 - 2010-02-07 11:43 - 00000000 ____D () C:\med7net
2015-05-14 12:01 - 2010-02-07 11:42 - 00000000 ____D () C:\Med7
2015-05-14 11:49 - 2014-01-27 15:35 - 00000000 ____D () C:\Program Files\PDF24
2015-05-14 11:49 - 2013-08-25 09:33 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\TeamViewer
2015-05-14 11:49 - 2010-01-18 17:53 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2015-05-14 11:49 - 2010-01-16 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 11:48 - 2015-02-01 10:50 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-14 11:48 - 2013-11-04 09:19 - 00000000 ____D () C:\Users\Ernst\AppData\Local\NETGEARGenie
2015-05-14 11:48 - 2011-01-23 11:06 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\vlc
2015-05-14 11:47 - 2014-06-29 13:35 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\MusicNet
2015-05-14 11:47 - 2011-07-09 19:56 - 00000000 ____D () C:\Windows\Minidump
2015-05-14 11:47 - 2010-01-18 18:06 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\Media Player Classic
2015-05-14 10:14 - 2010-01-16 14:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 04:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-14 03:55 - 2012-08-30 18:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 03:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 03:15 - 2010-12-08 23:11 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:08 - 2012-08-30 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:17 - 2010-01-17 15:09 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-05-12 14:55 - 2013-11-09 19:20 - 00000000 ____D () C:\Users\Ernst\AppData\Local\FRITZ!
2015-05-10 18:14 - 2010-06-08 20:37 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\Audacity
2015-05-10 17:07 - 2014-09-15 15:57 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-05-10 17:07 - 2013-09-06 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-05-10 17:07 - 2013-09-06 18:49 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\DVDVideoSoft
2015-05-10 17:07 - 2013-09-06 18:49 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-05-02 20:58 - 2010-02-05 19:46 - 00000000 ____D () C:\Program Files\Java
2015-05-02 20:56 - 2015-03-18 18:50 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-02 20:27 - 2014-12-30 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-05-02 20:27 - 2014-12-30 14:13 - 00000000 ____D () C:\Program Files\MyDrive Connect
2015-05-02 11:06 - 2015-01-23 18:56 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\Steganos
2015-05-02 10:26 - 2010-02-09 14:39 - 00000024 _____ () C:\ProgramData\__FileUploader.log
2015-05-01 09:58 - 2010-09-07 14:11 - 00000000 ____D () C:\Users\Ernst\Documents\DVDVideoSoft
2015-05-01 09:54 - 2010-11-27 22:01 - 00001971 _____ () C:\Users\Ernst\Documents\GNMIDI.ini
2015-04-30 13:32 - 2014-09-15 15:57 - 00001197 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-25 09:24 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-25 09:23 - 2012-05-06 18:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-22 07:48 - 2010-01-19 14:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-04-22 07:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-18 10:56 - 2014-10-23 13:17 - 00001656 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Med7 Arztpraxisprogramm.lnk
2015-04-18 10:36 - 2010-02-07 11:40 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-04-16 04:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 03:40 - 2014-12-12 04:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 03:40 - 2014-05-07 03:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 19:57 - 2012-09-23 10:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 19:57 - 2011-07-10 18:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-11-13 18:16 - 2010-11-13 18:16 - 0000604 ____H () C:\Program Files\STFT Notifier
2014-05-08 14:45 - 2014-05-08 14:45 - 0000000 _____ () C:\Users\Ernst\AppData\Roaming\gdfw.log
2014-05-08 14:45 - 2015-03-16 14:53 - 0003116 _____ () C:\Users\Ernst\AppData\Roaming\gdscan.log
2010-01-16 20:02 - 2010-01-15 23:42 - 4302944 _____ () C:\Users\Ernst\AppData\Roaming\IMAG0023.AVI
2014-05-14 21:54 - 2014-05-14 22:06 - 0028268 _____ () C:\Users\Ernst\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-12-07 12:01 - 2014-12-07 12:03 - 0583820 _____ () C:\Users\Ernst\AppData\Roaming\Scorch_Install.log
2010-03-08 23:21 - 2010-03-08 23:31 - 0282624 _____ () C:\Users\Ernst\AppData\Local\filesync.metadata
2010-02-09 14:39 - 2015-05-02 10:26 - 0000024 _____ () C:\ProgramData\__FileUploader.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 21:54

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 02
Ran by Ernst at 2015-05-15 11:11:37
Running from C:\Users\Ernst\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3539214255-4280287789-3925056074-500 - Administrator - Enabled) => C:\Users\Administrator
Ernst (S-1-5-21-3539214255-4280287789-3925056074-1000 - Administrator - Enabled) => C:\Users\Ernst
Gast (S-1-5-21-3539214255-4280287789-3925056074-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3539214255-4280287789-3925056074-1051 - Limited - Enabled)
UpdatusUser (S-1-5-21-3539214255-4280287789-3925056074-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoplus (HKLM\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.70 - INNOVA-engineering GmbH)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AceBackup 3 (HKLM\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Acronis*True*Image*Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AmazingMIDI (HKLM\...\AmazingMIDI) (Version:  - )
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Commander 11 v.11.1.6 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.1.6 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audials (HKLM\...\{356DC986-755B-471C-83C7-49BD0CB1614F}) (Version: 11.0.55900.0 - Audials AG)
Audials (HKLM\...\{69626CD9-18D4-4DA7-BB50-D452A93B3D68}) (Version: 12.0.54100.0 - Audials AG)
AudibleManager (HKLM\...\AudibleManager) (Version: 2000640624.48.56.11209962 - Audible, Inc.)
Aura Video to Audio Converter 1.2.5 (HKLM\...\Aura Video to Audio Converter_is1) (Version:  - Aura4You.com)
Aura4You Software Manager 1.0.2 (HKLM\...\Aura4You Software Manager_is1) (Version:  - aura4you.com)
AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVS Video ReMaker 4.2.2.153 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.2.2.153 - Online Media Technologies Ltd.)
BCL easyConverter 3.0 Licensing Module (BCL License) (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (Version: 3.0.18 - BCL Technologies) Hidden
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon ScanGear Starter (HKLM\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
CanoScan Toolbox Ver4.9 (HKLM\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CardRecovery 6.00 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CuteFTP 9 (HKLM\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
CyberLink PhotoDirector 5 (HKLM\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5724.0 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DMPmanager (HKLM\...\DMPmanager) (Version:  - )
Dropbox (HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVAPTray (HKLM\...\{30D1B542-44E0-44F0-8A31-2A101CB626B5}) (Version: 1.0.0.3 - )
DVR-Capture 1.01.1 (HKLM\...\DVR-Capture) (Version: 1.01.1 - Haenien-Software)
EaseUS Partition Master 9.2.2 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
eHealth500 Terminal (HKLM\...\{0DAB42A7-C726-4E23-B5B9-1D774B96FC2D}) (Version: 1.07 - SCM Microsystems)
eToken PKI Client 5.0 SP1 (HKLM\...\{11B9A0E0-4FAB-4296-A633-2534F80C60FE}) (Version: 5.00.0.65 - Aladdin Knowledge Systems Ltd.)
EURACOM_4D03 (HKLM\...\EURACOM_4D03) (Version:  - )
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.6.36.116 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free Audio Converter version 5.0.47.906 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.47.906 - DVDVideoSoft Ltd.)
Free DVD MP3 Ripper 1.12 (HKLM\...\Free DVD MP3 Ripper_is1) (Version:  - Jodix Technologies Ltd.)
Free M4a to MP3 Converter 6.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free MP4 Video Converter version 5.0.57.219 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.57.219 - DVDVideoSoft Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video Flip and Rotate version 1.0.8.1215 (HKLM\...\Free Video Flip and Rotate_is1) (Version: 1.0.8.1215 - DVDVideoSoft Ltd.)
Free Video to iPad Converter version 5.0.52.1122 (HKLM\...\Free Video to iPad Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free Video to iPhone Converter version 5.0.51.1022 (HKLM\...\Free Video to iPhone Converter_is1) (Version: 5.0.51.1022 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.51.1022 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.51.1022 - DVDVideoSoft Ltd.)
Free YouTube to iPhone Converter version 2.12.45.923 (HKLM\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.45.923 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.)
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
G Data InternetSecurity CBE (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Gelbe Liste Pharmindex (HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\...\Gelbe Liste Pharmindex GLP) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
GoGear ARIA Device Manager (HKLM\...\{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}) (Version: 01.05 - Philips)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript 8.56 (HKLM\...\GPL Ghostscript 8.56) (Version:  - )
GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version:  - )
GPL Ghostscript Fonts (HKLM\...\GPL Ghostscript Fonts) (Version:  - )
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
H-Series_ASIO32 (HKLM\...\{17FE3002-491F-11DF-9F17-00269E8DC781}) (Version: 1.1.0 - ZOOM)
iBackupBot 5.1.7 (HKLM\...\iBackupBot) (Version: 5.1.7 - VOWSoft, Ltd.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
KaraFun Player (HKLM\...\KaraFun Player_is1) (Version: 1.20.86.771 - Recisio)
KaraFun Player 2 (HKLM\...\KaraFun Player 2_is1) (Version: 2.1.30.158 - Recisio)
KeyView for Lotus 97 (HKLM\...\KeyView for Lotus) (Version:  - )
K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LightScribe System Software  1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Med7 (HKLM\...\{04DA1E4E-F84C-45B4-90E2-1C7AA63C5DCB}) (Version: 7.97.0014 - Bitron GmbH)
Med7 (HKLM\...\{0CC63C00-BEF6-4CF8-BB4D-E576201A9EE1}) (Version: 7.98.0008 - Bitron GmbH)
Med7 (HKLM\...\{14CD8819-7665-41D3-AC82-D417F2B66F79}) (Version: 7.82.0021 - Bitron GmbH)
Med7 (HKLM\...\{1904F9D8-C3F3-4AC8-9CDA-950C5995B69D}) (Version: 7.98.0062 - Bitron GmbH)
Med7 (HKLM\...\{1AC9A8F0-A373-4329-892A-5062032408BD}) (Version: 7.93.0022 - Bitron GmbH)
Med7 (HKLM\...\{207FD790-4234-4815-A0C3-2FE7C7994EDD}) (Version: 7.77.0004 - Bitron GmbH)
Med7 (HKLM\...\{3C374744-04A9-45BF-BCE0-A9E0DF1FC9E0}) (Version: 7.77.0026 - Bitron GmbH)
Med7 (HKLM\...\{3D3380D6-3445-49A1-865B-8E35B8D0B551}) (Version: 7.96.0009 - Bitron GmbH)
Med7 (HKLM\...\{4640E6BE-D987-4F21-8919-5CECE52DF023}) (Version: 7.76.0038 - Bitron GmbH)
Med7 (HKLM\...\{50259A1D-0095-4F7D-AB68-7A081D154142}) (Version: 7.98.0034 - Bitron GmbH)
Med7 (HKLM\...\{5AEC8DBB-2711-4E25-8799-C5481F78185B}) (Version: 7.99.0019 - Bitron GmbH)
Med7 (HKLM\...\{5FE3AC79-8507-4458-BD5D-F976FCE4BC93}) (Version: 7.87.0002 - Bitron GmbH)
Med7 (HKLM\...\{74E5B1D3-6AD3-4579-8721-325DDA7F33F7}) (Version: 7.96.0012 - Bitron GmbH)
Med7 (HKLM\...\{7DF1EA59-F9CA-4EF3-850C-B27BF084A4EE}) (Version: 7.98.0033 - Bitron GmbH)
Med7 (HKLM\...\{810D62D2-5216-470F-84C7-429CF829424A}) (Version: 7.98.0037 - Bitron GmbH)
Med7 (HKLM\...\{81E08CC8-E93F-428C-BDAD-6EA2A6980D54}) (Version: 7.99.0007 - Bitron GmbH)
Med7 (HKLM\...\{83504068-F2AA-4A93-B6C7-3671AE4DD5DA}) (Version: 7.97.0005 - Bitron GmbH)
Med7 (HKLM\...\{8589EB24-4CA3-4B5F-8D1E-55432FADBAAC}) (Version: 7.98.0011 - Bitron GmbH)
Med7 (HKLM\...\{86DC298C-6468-4B58-A793-28128828497C}) (Version: 7.95.0011 - Bitron GmbH)
Med7 (HKLM\...\{963234F7-5757-4E53-9CC6-F0F122F7AA0D}) (Version: 7.94.0010 - Bitron GmbH)
Med7 (HKLM\...\{9BB904D7-2CDB-4DE7-9713-EC4D607FE26C}) (Version: 7.80.0010 - Bitron GmbH)
Med7 (HKLM\...\{A086E995-265F-4FC0-8A9B-BD036E297494}) (Version: 7.98.0050 - Bitron GmbH)
Med7 (HKLM\...\{A283FAC3-E628-499B-AF19-48C3863EBBB4}) (Version: 7.82.0011 - Bitron GmbH)
Med7 (HKLM\...\{A343BBE3-BA27-4406-8377-C0A0F0141363}) (Version: 7.84.0002 - Bitron GmbH)
Med7 (HKLM\...\{A798BD1D-BD81-4CAF-8870-9F14A3010410}) (Version: 7.82.0019 - Bitron GmbH)
Med7 (HKLM\...\{AEFF6F11-9F11-446F-8723-13097A8931A1}) (Version: 7.84.0017 - Bitron GmbH)
Med7 (HKLM\...\{AF22E4F0-1F5B-4252-B912-1A9DFAA44634}) (Version: 7.98.0012 - Bitron GmbH)
Med7 (HKLM\...\{B187514D-0A81-4C5C-919A-AAED78F21BA2}) (Version: 7.98.0060 - Bitron GmbH)
Med7 (HKLM\...\{B71D7ECF-334E-4FE3-AC9B-5DB2104BDFB6}) (Version: 7.98.0052 - Bitron GmbH)
Med7 (HKLM\...\{B7B279AC-EFF6-4EBC-A559-DA2C2D05C55A}) (Version: 7.99.0023 - Bitron GmbH)
Med7 (HKLM\...\{BA0972B9-BE7C-4FEE-9EEE-DFC42AC935D2}) (Version: 7.80.0005 - Bitron GmbH)
Med7 (HKLM\...\{BEBBC42A-E7A2-466B-9E12-BAA6F4FCD28D}) (Version: 7.77.0010 - Bitron GmbH)
Med7 (HKLM\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63514}) (Version: 7.85.0014 - Bitron GmbH)
Med7 (HKLM\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63526}) (Version: 7.86.0011 - Bitron GmbH)
Med7 (HKLM\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63527}) (Version: 7.86.0012 - Bitron GmbH)
Med7 (HKLM\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63534}) (Version: 7.86.0019 - Bitron GmbH)
Med7 (HKLM\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63535}) (Version: 7.86.0021 - Bitron GmbH)
Med7 (HKLM\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63537}) (Version: 7.86.0023 - Bitron GmbH)
Med7 (HKLM\...\{C751A1AB-5BD1-428C-BC0D-BB3274CAA5F4}) (Version: 7.99.0004 - Bitron GmbH)
Med7 (HKLM\...\{CA674646-942F-45C2-998E-01B4B52D3506}) (Version: 7.98.0039 - Bitron GmbH)
Med7 (HKLM\...\{CAF793AB-C155-4CF6-98F9-8616ADA85D01}) (Version: 7.98.0007 - Bitron GmbH)
Med7 (HKLM\...\{CBD38EDF-5414-4F5F-87C7-E11A5F07B437}) (Version: 7.82.0020 - Bitron GmbH)
Med7 (HKLM\...\{D3407639-1992-49A3-B6A6-F1C3485B9234}) (Version: 7.84.0010 - Bitron GmbH)
Med7 (HKLM\...\{D3407639-1992-49A3-B6A6-F1C3485B9238}) (Version: 7.84.0014 - Bitron GmbH)
Med7 (HKLM\...\{D81B70B9-BAE2-4196-9798-75107C196978}) (Version: 7.99.0008 - Bitron GmbH)
Med7 (HKLM\...\{D93A0256-9E7F-4670-A616-1AA8073FCC09}) (Version: 7.98.0014 - Bitron GmbH)
Med7 (HKLM\...\{E29657DB-B1A5-4C57-B1E5-B9B2AC07EADC}) (Version: 7.77.0032 - Bitron GmbH)
Med7 (HKLM\...\{E8A31658-96D9-4205-9201-5AE4D00AC760}) (Version: 7.98.0005 - Bitron GmbH)
Med7 (HKLM\...\{ECD8C743-11D9-409A-ADAF-D096A67A3557}) (Version: 7.94.0010 - Bitron GmbH)
Med7 (HKLM\...\{F321B542-E142-43A9-8933-6D44CCEF181C}) (Version: 7.84.0003 - Bitron GmbH)
Med7 (HKLM\...\{F9FCBD97-B2E3-4890-B5EE-BE68F33E101E}) (Version: 8.01.0026 - Bitron GmbH)
Media Converter for Philips (HKLM\...\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}) (Version: 2.5.2.232 - ArcSoft)
MEDION GoPal Assistant (HKLM\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
Medion GoPal Assistant 4.03.006 (HKLM\...\Medion GoPal Assistant) (Version: 4.3.6.0 - Medion)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MMI PHARMINDEX (HKLM\...\Gelbe Liste Pharmindex) (Version:  - )
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 4.0.2.2123 (HKLM\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
MyVoice (HKLM\...\MyVoice) (Version:  - )
Nero 7 Essentials (HKLM\...\{7BAA9BA8-0761-42EF-842A-23FAA5321031}) (Version: 7.03.0976 - Nero AG)
Neuratron AudioScore Lite (HKLM\...\Neuratron AudioScore Lite) (Version: 6.5.0 - Neuratron Limited)
Neuratron PhotoScore Lite (HKLM\...\Neuratron PhotoScore Lite) (Version: 6.0.0 - Neuratron Limited)
nLite 1.4.9.1 (HKLM\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
PantsOff 2.0 (HKLM\...\{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1) (Version: 2.0 - Christoph Bünger Software)
PC-Putzer 2015 (HKLM\...\PC-Putzer 2015_is1) (Version: 19.3 - Abelssoft)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version:  - )
PDF24 Creator 6.5.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF2Word Converter Version 1.1.0 (Build 164, 7-PDF) (HKLM\...\PDF2Word Converter (7-PDF)_is1) (Version: PDF2Word Converter - Version 1.1.0 (Build 164) - 7-PDF, Germany - Thorsten Hodes)
PhoneClean 3.6.0 (HKLM\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 3.6.0 - iMobie Inc.)
Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version:  - )
Plantronics Software (HKLM\...\{348B0E64-D410-4CA2-866B-FD1C60BCB3CE}) (Version: 2.2.41656.0 - Plantronics, Inc.)
POIbase 1.071 (HKLM\...\POIbase_is1) (Version:  - POIbase)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Sibelius 6 First (HKLM\...\Sibelius 6 First_is1) (Version:  - )
Sibelius Scorch (all browsers) (HKLM\...\{F533A90F-4E9E-4A17-A085-BD285B6AA57A}) (Version: 6.1.0 - Sibelius Software)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
SmartCutter Ps/Ts 20091004 (HKLM\...\SmartCutter Ps/Ts 20091004) (Version:  - )
Songbird 1.9.1 (Build 1920) (HKLM\...\Songbird-release-1920) (Version:  - )
Stream What You Hear (SWYH) Version 1.3 (HKLM\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.3 - Sebastien.warin.fr)
Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden
sv.net (HKLM\...\sv.net) (Version: 15.0 - ITSG GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synchredible v3.1 (HKLM\...\Synchredible_is1) (Version:  - ASCOMP Software GmbH)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
v2011.build.46 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.46 - eRightSoft)
vanBasco's Karaoke Player (HKLM\...\VMidi) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows 7 Codec Pack 2.7.0 (HKLM\...\Windows 7 - Codec Pack) (Version:  - Windows 7 Codec Pack)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.00 beta 8 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WireNote (remove only) (HKLM\...\WireNote_is1) (Version:  - )
Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{112EA537-7AB9-4e22-8BFB-7FD5FCB19849}\localserver32 -> C:\Program Files\Globalscape\CuteFTP\ftpte.exe (Globalscape, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ernst\AppData\Local\Temp\6AD0\temp\7410.exe No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{112EA537-7AB9-4e22-8BFB-7FD5FCB19849}\localserver32 -> C:\Program Files\Globalscape\CuteFTP\ftpte.exe (Globalscape, Inc.)
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3539214255-4280287789-3925056074-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File

==================== Restore Points  =========================

24-04-2015 22:09:23 Windows Update
02-05-2015 00:00:03 Geplanter Prüfpunkt
10-05-2015 17:51:22 Geplanter Prüfpunkt
14-05-2015 03:00:42 Windows Update
14-05-2015 14:22:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-03-16 20:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {163BB014-C95E-4B4B-8758-241C89892594} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28AA8D00-4D1B-4DD0-B32D-113E8074F015} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2B69D7B1-2E23-4695-A6BB-BBC553FC13F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {39144606-BA14-4EA4-8B0D-D5DE5D07F99B} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {4CACA859-6530-4A7D-95CF-2FF34112CD7B} - System32\Tasks\{C4550220-FBAF-421B-BC1A-384FD99EA6E4} => C:\Program Files\IPE\MyVoice\MyVoice.exe [2010-03-14] (Copyright© 2002-2003 International Print Edition M.Vachal)
Task: {4DE9049B-CD3F-4278-8B5A-AF41B01A9AD4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {50DDD3A0-ED96-4A68-ACCE-D8D73F384CB3} - System32\Tasks\{5EF930E6-E5DC-45BC-8529-00E0E2333E37} => C:\Program Files\IPE\MyVoice\MyVoice.exe [2010-03-14] (Copyright© 2002-2003 International Print Edition M.Vachal)
Task: {6E1B0DDD-FD99-46E0-8614-F2FB222CBE8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {7184CE8D-AC2F-4BDF-8160-21D9EBD4BEFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {745E2502-2BB6-4C3C-9BA1-7A149D58F2F7} - System32\Tasks\{C800BC0C-157D-4E75-83B8-C6BF1EE32352} => pcalua.exe -a C:\Users\Ernst\Downloads\paipw(3).exe -d C:\Users\Ernst\Downloads
Task: {76A4C466-5365-4F01-839E-AB25B2C603AD} - System32\Tasks\{A63B9182-3EEB-406E-A139-EE54FAD4F760} => pcalua.exe -a C:\Windows\NVUnInst\Setup.exe
Task: {7D3252B5-11CE-41D4-A311-28BDF18A86E3} - System32\Tasks\AbelssoftPreloader => C:\Program Files\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {8AE32741-6070-454F-AF87-B224025DC0F1} - System32\Tasks\{C0989A87-AB97-47AF-966C-9389E1B3B971} => pcalua.exe -a C:\Users\Ernst\Downloads\vkaraoke(2).exe -d C:\Users\Ernst\Downloads
Task: {925794A6-364B-4ACC-808E-2C597D4639D8} - System32\Tasks\{2C2740A6-6145-41B2-A146-2C5CE2339E51} => pcalua.exe -a D:\NeroExpress\setupx.exe -d D:\NeroExpress
Task: {A7073F9C-D60D-4219-B5E6-45C72BAB5D0F} - System32\Tasks\Synchredible-Ernst => C:\Program Files\ASCOMP Software\Synchredible\synchredible.exe [2011-02-04] (ASCOMP Software GmbH)
Task: {A944BEAA-7485-422A-9F61-1D000D78B489} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {A94D229D-4DF4-427C-9598-81AE0908AE47} - \Bidaily Synchronize Task No Task File <==== ATTENTION
Task: {AAA52C27-D57E-4669-98EF-07C13E5C181C} - System32\Tasks\{D74FDF6A-0D09-44B9-AAA7-A13DDE9F0B1A} => pcalua.exe -a "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Task: {B58BD9F5-6E25-4AC7-82FA-E0C34453C6A3} - System32\Tasks\{00F428A2-13E7-4E9B-BD2E-748E56309617} => pcalua.exe -a C:\Users\Ernst\Downloads\paipw(2).exe -d C:\Users\Ernst\Downloads
Task: {BEB1B996-A9CD-4214-81FA-D0A859390347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {C14E3E27-7B98-4B69-B7D2-62D9EAAB7872} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {C1FD0453-8080-40BA-BD92-AFC65A3C0FF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F596A9DE-8B4E-43F9-B6E9-CBD07B550759} - System32\Tasks\{B3BFF757-8659-4205-915B-FFFD4049EC0C} => C:\Program Files\IPE\MyVoice\MyVoice.exe [2010-03-14] (Copyright© 2002-2003 International Print Edition M.Vachal)
Task: {F96B266D-170D-40A7-8E04-56239AD54517} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AbelssoftPreloader.job => 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job =>  <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 

==================== Loaded Modules (Whitelisted) ==============

2013-08-24 23:36 - 2013-12-19 20:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-09-18 10:13 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-06-28 14:12 - 2013-06-28 13:12 - 00024064 _____ () C:\Windows\System32\ssj1mlm.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-12 12:23 - 2012-01-12 12:23 - 00018432 _____ () C:\Users\Ernst\AppData\LocalLow\WOT\IE\WOTUpdater.exe
2010-03-27 18:39 - 2010-12-11 20:18 - 01002224 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2015-04-28 19:53 - 2015-04-28 19:53 - 00140288 _____ () C:\Program Files\MyDrive Connect\quazip.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qwebp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


There are 7775 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3539214255-4280287789-3925056074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.33.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Ernst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: DVAPTray => C:\Windows\System32\DVAPTray.exe
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
MSCONFIG\startupreg: eTMonitor => "C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe"
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{8B827819-153B-4CBA-967C-FE6BD54C3565}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2A7E9954-701E-48E4-B0C6-BA4C424FA9C1}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\RM.exe
FirewallRules: [{BC60A0D5-B6A9-4A76-B728-1299EA3BE491}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\RM.exe
FirewallRules: [{E4611160-CD3E-4B61-BDA5-5F9071CE8551}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\Studio.exe
FirewallRules: [{A35C937C-C653-407E-A154-B001FE6ECD65}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\Studio.exe
FirewallRules: [{27E09C16-924D-4370-8A6D-EFAC87B56C45}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe
FirewallRules: [{6E822718-0DF3-4F1E-B617-712747A436F8}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe
FirewallRules: [{7FCB8A21-A319-4E41-8A24-4DBC8CC1C6B6}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\umi.exe
FirewallRules: [{60C8D496-7AAF-4BCA-B415-5EEBC71F9A5A}] => (Allow) E:\Program Files\Pinnacle\Studio 11\programs\umi.exe
FirewallRules: [TCP Query User{FE8BE8F1-0C3E-4047-93BF-6F8379540BA1}C:\program files\wiredplane\wirenote\wirenote.exe] => (Allow) C:\program files\wiredplane\wirenote\wirenote.exe
FirewallRules: [UDP Query User{C62C6DC2-357A-44CB-80B5-59544034B814}C:\program files\wiredplane\wirenote\wirenote.exe] => (Allow) C:\program files\wiredplane\wirenote\wirenote.exe
FirewallRules: [TCP Query User{D2432D45-9203-40CD-8605-1C2D1B7293BD}C:\program files\wiredplane\wirenote\wirenote.exe] => (Block) C:\program files\wiredplane\wirenote\wirenote.exe
FirewallRules: [UDP Query User{4A3D1466-225A-4590-AD7C-05A559ADB213}C:\program files\wiredplane\wirenote\wirenote.exe] => (Block) C:\program files\wiredplane\wirenote\wirenote.exe
FirewallRules: [TCP Query User{080F6A03-99D3-4663-B963-880584C950DD}C:\program files\ws_ftp\ws_ftp95.exe] => (Block) C:\program files\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{B86DF262-35FB-4223-8479-F27B66C54127}C:\program files\ws_ftp\ws_ftp95.exe] => (Block) C:\program files\ws_ftp\ws_ftp95.exe
FirewallRules: [{FBE64AD7-26C2-42E4-9C3C-971BBFF9786C}] => (Allow) D:\NeroExpress\Installation\SetupX.exe
FirewallRules: [{36C3DB1E-79FD-4DA6-B123-FB6616BFE3C6}] => (Allow) D:\NeroExpress\Installation\SetupX.exe
FirewallRules: [TCP Query User{C0BE8010-5EB3-424D-95AD-8ACC77393CA4}C:\program files\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files\nero\nero 7\nero home\nerohome.exe
FirewallRules: [UDP Query User{DD5126E1-B430-48F2-96AB-D114037F8B3E}C:\program files\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files\nero\nero 7\nero home\nerohome.exe
FirewallRules: [TCP Query User{15975A09-6F7A-4A0A-B89C-4AAD45C384A3}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{A56C8C6A-6308-4C6E-8D5C-8B52EE124DF7}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{D2318EC5-6B3B-44DA-BB1D-28C4849691B0}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{849D6DB9-29DD-4457-B37F-BF026A417E86}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{A2F1005A-C687-4B70-B0EF-2291A68D48B5}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{2C61D6CB-4099-4478-AA11-9168ABFC37EB}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [{A645B862-99F9-4C83-B905-5CF25A527765}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{E89BB41A-91F1-4DC1-99C6-FC45700A2354}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{31D71CF0-E360-4ABB-991E-E4476581AA56}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{BE8ECD78-D56C-43E4-880C-0FC07E4A9550}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{76C651F8-7BF6-41F5-9560-B6203638682A}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{F9615484-6C67-4118-85B8-4822CA68188F}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [TCP Query User{A739ABBB-6D20-4826-B9D9-71852D4D700F}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{050AD8A8-AA77-4854-B6A9-59CA0D3CDF80}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{0B6906FE-5419-49B8-B9A3-A1C7AC63D029}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEE88298-8934-4F6F-9371-4F9E041E7E6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C185BF2-98B0-4096-828E-702CE44B16DA}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{0C8E2415-AF0E-4FBD-AA2A-329C63F88CF0}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{DAF90C96-86B3-47E7-A303-51C8C937CE56}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{5511D929-76AD-48BC-8ACF-6AD2AA1E03C0}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{4CDBA1E0-26CD-4057-B737-4878AC19CFBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{32CC6B4C-7888-45E9-A74F-16B07CA77AC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{629D9513-6A11-4DF3-94CA-433646DD7BBD}] => (Allow) C:\Users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1546608D-C02D-40DF-BE58-93992E1A9FD1}] => (Allow) C:\Users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4BDE8623-0300-40FA-B3AA-413AC168E6A8}C:\users\ernst\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ernst\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{90A3A3E7-C2AB-4C82-9618-65004CEBDD67}C:\users\ernst\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ernst\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{D4596064-8C94-417C-B780-602DE01C1950}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{999AA3E9-4650-4048-B834-BA3D6BA2026B}C:\program files\fritz!\frifax32.exe] => (Allow) C:\program files\fritz!\frifax32.exe
FirewallRules: [UDP Query User{9D00BBFB-06CB-43E6-8A68-1878BE8F65D4}C:\program files\fritz!\frifax32.exe] => (Allow) C:\program files\fritz!\frifax32.exe
FirewallRules: [{38524A6E-CB30-4E3F-97A5-97EC38210625}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{75020967-E3C2-400D-B55C-A979DEB023DA}] => (Allow) LPort=2869
FirewallRules: [{910A795A-66A4-4936-ABB4-BABB5F39CFF4}] => (Allow) LPort=1900
FirewallRules: [{1707B53F-8F99-47FD-8B34-F0CB1BDFACC4}] => (Allow) C:\Program Files\Audials\Audials 11\Audials.exe
FirewallRules: [{41F1E003-9E44-4C4A-B7A3-E19923E0C2BF}] => (Allow) LPort=12972
FirewallRules: [{4889EE94-DC1C-4CB7-BA86-9CCCA305620A}] => (Allow) LPort=14714
FirewallRules: [{19BF172D-96E2-47BE-857A-CBE20DA7C973}] => (Allow) LPort=31931
FirewallRules: [{549278F8-520B-44BA-AE7D-A075BBDE3124}] => (Allow) E:\Program Files\Audials\Audials 12\Audials.exe
FirewallRules: [{71E96D00-086F-4108-B9C1-AEC32937B768}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C369B193-7561-4E3D-A91A-A102A443E3F3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4A88FF4C-E4E3-43AB-A653-AAA9F3ABA34E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E87C7856-D225-47E8-8362-910F26D84C34}] => (Allow) C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{DBBEB1E0-3DB1-4D78-9362-3B6DEF7176FB}] => (Allow) C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 00:12:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:12:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:11:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PCLE.DiscAPI,processorArchitecture="x86",type="win32",version="3.0.0.0"1".
Die abhängige Assemblierung "PCLE.DiscAPI,processorArchitecture="x86",type="win32",version="3.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:08:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:08:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:08:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:08:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:07:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:07:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 00:07:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/14/2015 07:29:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/14/2015 07:28:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/14/2015 02:44:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/14/2015 02:43:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/14/2015 02:41:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/15/2015 00:12:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"E:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (05/15/2015 00:12:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"E:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (05/15/2015 00:11:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PCLE.DiscAPI,processorArchitecture="x86",type="win32",version="3.0.0.0"e:\program files\Pinnacle\studio 11\patch_backup\studio.exe

Error: (05/15/2015 00:08:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"E:\Program Files\Audials\Audials 12\tbhsd\tools64\uninstall.exe

Error: (05/15/2015 00:08:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"E:\Program Files\Audials\Audials 12\tbhsd\tools64\install.exe

Error: (05/15/2015 00:08:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"E:\Program Files\Audials\Audials 12\HookHelper64.exe

Error: (05/15/2015 00:08:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"E:\Program Files\Audials\Audials 12\tbhsd\tools64\cleanup.exe

Error: (05/15/2015 00:07:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Audials\Audials 11\tbhsd\tools64\uninstall.exe

Error: (05/15/2015 00:07:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Audials\Audials 11\tbhsd\tools64\cleanup.exe

Error: (05/15/2015 00:07:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Audials\Audials 11\tbhsd\tools64\install.exe


==================== Memory info =========================== 

Processor: AMD Phenom(tm) 8650 Triple-Core Processor
Percentage of memory in use: 44%
Total physical RAM: 3583.55 MB
Available physical RAM: 1976.09 MB
Total Pagefile: 11258.36 MB
Available Pagefile: 9286.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:196.12 GB) (Free:23.47 GB) NTFS
Drive e: (Platte E) (Fixed) (Total:269.54 GB) (Free:138.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C4BE7463)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=196.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=269.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-15 12:10:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000068 TOSHIBA_ rev.MS1O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Ernst\AppData\Local\Temp\ufldapog.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRequestPort + 14CD                                                                                       83445B55 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                  83465E62 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
init            C:\Windows\system32\DRIVERS\aksifdh.sys                                                                                 entry point in "init" section [0x953B2090]

---- Devices - GMER 2.1 ----

Device                                                                                                                                  Ntfs.sys

AttachedDevice                                                                                                                          tdrpm273.sys

Device                                                                                                                                  volmgr.sys

AttachedDevice                                                                                                                          fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                      
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@0340DA30                             2238
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{CC04A9CA-0F0D-11E3-9CC6-806E6F6E6963}  13443299480
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b      0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b      0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016      0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48      0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472      0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d      0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b      0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d      0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3      0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b      0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6      0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                       
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                        Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                      C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2      0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 2.1 ----
         
GData found nothing: could something have slipped in anyway?

 
