
Log analysis and evaluation: Windows 7: PDFs in inbox broken, Amazon Downloader cannot be uninstalled


20.10.2015, 16:17   #1
tb87
 

Hello,

this is about my father-in-law's PC, which has been behaving strangely for a few days:

- PDF files in the Outlook inbox are broken (incomplete, a considerable part is cut off); the same effect occurs when downloading PDFs; in Firefox with PDF.js, however, PDFs can still be viewed.

- on boot, an error message from the Amazon MP3 Downloader installer (NSIS) appears:

- the Amazon MP3 Downloader cannot be uninstalled (the same message appears)

- MS Paint cannot save images (I just noticed this when saving the screenshot; it works with IrfanView, though), no matter where (neither on C: nor on the USB stick)

- the browser history contains a lot of dubious EXE downloads that my father-in-law cannot remember

- the load is generally quite high; the fan runs practically all the time

Here are the logs:

Defogger did not produce a log, only a defogger_disable.log with binary content; here is the hexdump, in case it helps:
For further logs see the next posts; it was too big for one.

FRST.txt:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
durchgeführt von Günter Meier (Administrator) auf GÜNTER-PC (20-10-2015 16:17:13)
Gestartet von E:\winguenter\bin
Geladene Profile: Günter Meier (Verfügbare Profile: Günter Meier & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe
(simplitec GmbH) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(G DATA Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
() C:\Program Files\Amazon Browser Bar\search_protect.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Omega Partners Ltd) C:\Program Files\AppGraffiti\AppGraffiti.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [Performance Center] => C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [Performance Center] => C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [AGupdate] => C:\Program Files\AppGraffiti\AGupdate.exe [894048 2013-03-19] (Omega Partners Ltd)
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [AppGraffiti] => C:\Program Files\AppGraffiti\AppGraffiti.exe [1220544 2015-06-25] (Omega Partners Ltd)
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: E - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: {d03db3b6-1d03-11e2-a160-001bfcd9fd0e} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: {e9dbfc9b-1cfd-11e2-a85b-0000fcd9fd0e} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\MountPoints2: {e9dbfcc7-1cfd-11e2-a85b-0000fcd9fd0e} - E:\.\Setup.exe AUTORUN=1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
Startup: C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-05]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{92B1362F-D2B4-4AA3-8BF2-48D0F0646CDB}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://google.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CB779390-9FC4-4A00-B031-3CD9A1C8A67A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs
BHO: Kein Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files\SiteRanker\SiteRank.dll [2012-12-06] (Crawler, LLC)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files\AppGraffiti\AppGraffiti.dll [2015-06-25] (Omega Partners Ltd)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kein Name -> {CCB69577-088B-4004-9ED8-FF5BCC83A039} -> Keine Datei
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> Kein Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  Keine Datei
Toolbar: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  Keine Datei
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default
FF DefaultSearchEngine: MyStart Suche
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF SelectedSearchEngine: Inbox Suchen
FF Homepage: hxxp://www.inbox.com/homepage.aspx?tbid=80772&iwk=293&lng=de
FF Keyword.URL: hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-12-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-12-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\user.js [2014-11-30]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-12-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-12-23] (RealPlayer)
FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\inbox-search.xml [2014-02-03]
FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\MyStart Search.xml [2011-02-07]
FF Extension: AppGraffiti - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\AppGraffiti@AppGraffiti.com [2013-01-04] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27] [ist nicht signiert]
FF Extension: Yahoo! Toolbar - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-08-18] [ist nicht signiert]
FF Extension: Blue Ice 2 - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2008-08-04] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [nicht gefunden]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AppGraffiti - Free Facebook Layouts) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl [2013-03-06]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-04-01]
CHR Extension: (RebateInformer) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal [2013-03-06]
CHR HKLM\...\Chrome\Extension: [angobeimajilfhlcpeiccndaifchnppl] - C:\Program Files\AppGraffiti\Chrome\graff_chr.crx [2012-12-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
S3 Browser7Maintenance; C:\Program Files\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-08-20] (Deutsche Telekom AG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-08] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 StarMoney 10 OnlineUpdate; C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S4 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [90112 2007-11-29] () [Datei ist nicht signiert]
R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-04-07] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-04-07] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-04-07] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-04-07] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-07-31] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-04-07] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-07-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-09-17] (G Data Software)
S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [11904 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88BDA; C:\Windows\System32\drivers\hcw88bda.sys [207872 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [299776 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88TUNE; C:\Windows\System32\drivers\hcw88tun.sys [149504 2007-01-23] (Hauppauge Computer Works, Inc.)
S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [498176 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [23552 2007-01-23] (Hauppauge Computer Works, Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-04-07] (G Data Software AG)
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2007-09-17] (Logix4u) [Datei ist nicht signiert]
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48768 2007-07-05] (JMicron Technology Corp.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.)
S3 STC2DFU; C:\Windows\System32\DRIVERS\Stc2Dfu.SYS [7796 2004-10-25] (SCM Microsystems Inc.) [Datei ist nicht signiert]
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-20 16:16 - 2015-10-20 16:17 - 00000000 ____D C:\FRST
2015-10-20 16:15 - 2015-10-20 16:15 - 00000000 _____ C:\Users\Günter Meier\defogger_reenable
2015-10-17 15:51 - 2015-09-18 19:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-17 15:51 - 2015-09-18 19:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-17 15:51 - 2015-09-18 19:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 14:00 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 14:00 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 14:00 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 14:00 - 2015-09-16 05:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 14:00 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 14:00 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 14:00 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 14:00 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 14:00 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 14:00 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 14:00 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 14:00 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 14:00 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 14:00 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 14:00 - 2015-09-16 05:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 14:00 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 14:00 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 14:00 - 2015-09-16 05:18 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 14:00 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 14:00 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 14:00 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 14:00 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 14:00 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 14:00 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 14:00 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 14:00 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 14:00 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 14:00 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 14:00 - 2015-09-16 04:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 14:00 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 14:00 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 14:00 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 14:00 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 14:00 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:57 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:57 - 2015-10-01 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 13:57 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-14 13:57 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:57 - 2015-09-29 05:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 13:57 - 2015-09-29 03:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 13:57 - 2015-09-15 19:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 13:57 - 2015-09-15 19:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 13:56 - 2015-09-25 19:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 16:55 - 2015-10-13 16:54 - 00524288 _____ (Simon Tatham) C:\Windows\putty.exe
2015-10-13 14:09 - 2015-10-13 14:09 - 00000000 ____D C:\Users\G�nter Meier
2015-10-12 18:09 - 2015-10-12 18:09 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 18:08 - 2015-10-17 15:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-12 18:08 - 2015-10-13 14:34 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-12 16:11 - 2015-10-12 16:11 - 28565300 _____ C:\Users\Günter Meier\Downloads\AdbeRdr920_de_DE.rar
2015-10-06 22:38 - 2015-10-13 13:42 - 00001508 _____ C:\Windows\PFRO.log
2015-09-25 21:58 - 2015-10-20 16:10 - 00711789 _____ C:\Windows\setupact.log
2015-09-25 21:58 - 2015-09-25 21:58 - 00000000 _____ C:\Windows\setuperr.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-20 16:15 - 2009-10-23 23:35 - 00000000 ____D C:\Users\Günter Meier
2015-10-20 16:15 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-20 16:15 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-20 16:12 - 2009-10-24 00:23 - 01648344 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 16:10 - 2011-02-28 19:30 - 00000000 ____D C:\Temp
2015-10-20 16:10 - 2009-10-24 00:12 - 01606529 _____ C:\Windows\WindowsUpdate.log
2015-10-20 16:07 - 2015-09-14 09:43 - 00000470 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job
2015-10-20 16:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-18 17:43 - 2015-06-12 18:54 - 00000000 ____D C:\Program Files\StarMoney 10
2015-10-18 17:26 - 2014-04-08 08:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-18 17:26 - 2009-08-11 10:55 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000UA.job
2015-10-18 09:49 - 2014-08-09 12:34 - 00000000 ____D C:\Program Files\StarMoney 9.0
2015-10-17 16:25 - 2014-12-12 10:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 16:25 - 2014-05-06 17:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-17 14:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-17 14:10 - 2015-08-10 13:32 - 00000000 ____D C:\Program Files\Amazon Browser Bar
2015-10-17 14:10 - 2015-04-05 22:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 14:10 - 2014-11-12 17:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-17 14:10 - 2011-07-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2015-10-17 14:10 - 2011-03-27 17:48 - 00000000 ____D C:\ProgramData\Real
2015-10-17 14:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-10-17 14:09 - 2009-11-07 21:52 - 00000000 __RHD C:\MSOCache
2015-10-15 09:26 - 2015-07-08 15:57 - 00000412 _____ C:\Windows\Tasks\simplitec Power Suite.job
2015-10-15 09:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-10-14 19:10 - 2007-09-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 19:09 - 2013-08-02 21:57 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 19:01 - 2009-11-11 20:46 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 19:00 - 2006-11-02 12:23 - 00000219 _____ C:\Windows\win.ini
2015-10-14 13:18 - 2015-07-08 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2015-10-14 13:17 - 2015-07-08 15:56 - 00000000 ____D C:\Program Files\simplitec
2015-10-13 16:53 - 2013-01-04 19:34 - 00000000 ____D C:\Program Files\AppGraffiti
2015-10-13 16:50 - 2008-08-04 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Adobe
2015-10-12 17:36 - 2007-09-17 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-10-07 21:17 - 2015-07-13 22:31 - 00000000 ____D C:\Users\Günter Meier\Documents\Bible
2015-10-06 22:35 - 2015-08-10 13:31 - 00000000 ____D C:\Program Files\Amazon
2015-09-23 21:08 - 2015-06-12 18:57 - 00002108 _____ C:\Users\Public\Desktop\StarMoney 10.lnk
2015-09-23 14:21 - 2014-09-24 11:24 - 00000071 _____ C:\Users\Günter Meier\Desktop\i_view32.ini

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-08 12:06 - 2015-07-09 09:31 - 0000053 _____ () C:\Users\Günter Meier\AppData\Roaming\LogFile.txt
2007-11-23 10:39 - 2009-01-08 19:29 - 0024206 _____ () C:\Users\Günter Meier\AppData\Roaming\UserTile.png
2015-02-12 10:59 - 2015-02-12 10:59 - 0000000 ____H () C:\Users\Günter Meier\AppData\Local\BITD367.tmp
2009-10-24 11:19 - 2009-10-24 11:19 - 0007609 _____ () C:\Users\Günter Meier\AppData\Local\Resmon.ResmonCfg
2011-12-23 21:57 - 2011-12-23 21:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{05CAAA34-0796-4266-BD12-2057BBECAF0B}
2011-07-30 09:28 - 2011-07-30 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0766507E-53D7-44AF-A88E-C7EAEF153760}
2011-07-02 10:03 - 2011-07-02 10:08 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0AE71263-88B3-4D37-9C7D-C0FC1B1FC4B9}
2011-10-18 13:16 - 2011-10-18 13:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0B5A5CEB-9F36-4CEE-B0B7-2278D1CD416B}
2011-12-16 08:43 - 2011-12-16 08:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{17694828-0365-4695-AE08-08D098F41174}
2011-06-09 08:56 - 2011-06-09 08:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{189E3064-3E60-407D-B479-4EA6071C647E}
2012-01-11 12:36 - 2012-01-11 12:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1CC4BC34-506A-4F28-849E-9BB689FDD145}
2011-05-12 22:19 - 2011-05-12 22:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1D3488B1-AC49-4CE9-B01A-347A723C9E47}
2014-05-30 09:09 - 2014-05-30 09:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{23E58F2C-8DC4-4DE3-8FEF-766B1EEA544E}
2011-12-16 19:24 - 2011-12-16 19:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{28F4E85B-9194-4962-B72F-BDF01365858E}
2011-10-19 17:19 - 2011-10-19 17:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29037809-5BF9-45EB-A551-B4F9944569EC}
2011-06-16 22:36 - 2011-06-16 22:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29891808-A8FD-4F02-99A0-45E554B54B83}
2011-05-12 22:15 - 2011-05-12 22:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{2A589BD2-D8B8-4CE0-9AEC-9FD96C7E3A7C}
2011-11-10 16:20 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{33620E34-0CC5-45B2-972D-B205D971AEFF}
2012-01-26 22:26 - 2012-01-26 22:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{338C8C87-226E-42F5-97CC-CDDC0BD39DC5}
2011-10-22 17:29 - 2011-10-22 17:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{35741B3A-B90E-4C17-980D-693DDC6D92B2}
2015-04-17 09:45 - 2015-04-17 09:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{37601423-536C-48D0-BBDF-BB556A35E507}
2011-11-10 16:23 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{38CD506F-C922-4793-9DB1-A1F71DAE1C80}
2011-06-15 16:11 - 2011-06-15 16:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{3F1A741B-0E83-40B7-9293-F608619820F4}
2011-11-06 20:59 - 2011-11-06 20:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{41EB32F3-12BB-4F05-9EEA-C094A182864A}
2011-05-27 09:13 - 2011-05-27 09:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{451DD174-B044-4C44-BF45-A905F6CA4F5A}
2011-06-23 17:01 - 2011-06-23 17:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4A257FA5-1DDC-43F7-BC1C-0101E86330DF}
2012-01-20 22:04 - 2012-01-20 22:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4F835A43-90C0-45A9-A01D-30D12E39DA18}
2011-07-15 20:00 - 2011-07-15 20:00 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5266879B-59A6-4F0B-99B1-F32396F78B0B}
2011-07-07 15:25 - 2011-07-07 15:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{565FA85B-71E4-48E4-BC1B-B4D473C9583E}
2011-06-26 16:03 - 2011-06-26 16:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5DD604CF-949E-4EF9-AAE2-E98BF823D8DC}
2011-08-05 21:36 - 2011-08-05 21:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{618E2725-2A74-492B-AB68-9C9A7FBC60FA}
2014-09-17 11:32 - 2014-09-17 11:32 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{64A4A4AE-C52B-4208-9DC1-F3A515D33732}
2015-02-12 10:55 - 2015-02-12 10:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{6DA6D618-2D09-4E54-B6EA-D48FD2EE3E59}
2011-05-20 21:37 - 2011-05-20 21:37 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{71902AA3-3597-4958-BDBA-6C46016CED28}
2011-09-06 17:20 - 2011-09-06 17:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{724E8FC5-F413-4D0C-B0B8-8E9B13C5BE25}
2011-06-17 18:09 - 2011-06-17 18:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{77EFB568-7ED5-4EB2-8D60-8BC1540A9FF4}
2011-09-19 18:00 - 2011-09-19 18:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{79059305-E922-4911-B8D2-9135AFC051E0}
2012-01-06 19:58 - 2012-01-06 19:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7BD81CF8-BA1F-405F-A974-8E15A12D1560}
2011-12-16 19:26 - 2011-12-16 19:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7E6C24A7-A380-4862-909B-3C42CE67B411}
2011-07-17 08:29 - 2011-07-17 08:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7ECE3187-654D-4E3E-B1E1-FB987C5DC824}
2011-11-10 16:25 - 2011-11-10 16:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{80059459-AD63-4EF3-B458-80436D4A91C3}
2011-09-19 18:02 - 2011-09-19 18:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{801DF4EC-2545-48AD-9E6B-B9E5F525FB45}
2011-09-14 19:39 - 2011-09-14 19:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8433C909-3DE4-4FF7-BDB5-C71244205008}
2011-07-17 08:30 - 2011-07-17 08:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{875F79BE-EE0D-4267-8DE4-28ADBEDD6A58}
2011-07-30 09:29 - 2011-07-30 09:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{877CAC26-F3F4-4A4E-9FC9-D8B8DC3DC326}
2011-11-06 20:56 - 2011-11-06 20:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{89E76C26-CEDF-4184-82AE-3B1E5394A189}
2011-06-14 14:42 - 2011-06-14 14:42 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8ED483F8-95C4-449A-B875-08FBA12129FF}
2011-10-07 18:16 - 2011-10-07 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{91EFF962-614A-45F8-9B30-57FBF9D336C6}
2011-06-15 16:09 - 2011-06-15 16:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{94858006-C678-4BCF-B655-CC82F18CB6C1}
2011-10-30 15:06 - 2011-10-30 15:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{96A82280-66E2-438B-BA18-9357DF72FEDD}
2011-11-03 18:14 - 2011-11-03 18:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{97F44D2C-D6DE-4D4B-8FF6-9DA56B1FB7E5}
2011-06-08 12:25 - 2011-06-08 12:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A01F53D9-7AFF-4AA4-8C51-541D0653CD1E}
2011-06-09 08:58 - 2011-06-09 08:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A1C1B8D0-278C-4B74-92BE-77ABC7A2B36B}
2011-12-06 10:44 - 2011-12-06 10:44 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A31325A4-1936-4BBF-A614-C4901C6F3313}
2011-12-17 11:13 - 2011-12-17 11:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A34EC897-35C0-45AE-9061-6D13B9F064C5}
2011-11-15 15:53 - 2011-11-15 15:53 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A50C05E7-36C0-41CD-A151-312C267A8F93}
2011-10-02 22:06 - 2011-10-02 22:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A6546426-9765-47B3-A4B5-8833E3728509}
2011-11-03 18:16 - 2011-11-03 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A65891F9-D1DC-4710-A18B-59195499AD25}
2012-01-06 19:56 - 2012-01-06 19:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A7E6BDF8-283D-4421-AFB2-449C1D5038C4}
2012-02-01 09:28 - 2012-02-01 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AA7D708B-14B4-48CA-BB7B-EBC8D4578E6C}
2012-01-11 22:22 - 2012-01-11 22:22 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AAB15AF0-99F7-416A-A202-9B120F5AFC76}
2014-07-11 09:15 - 2014-07-11 09:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{ABEA0400-D334-4F95-BDB4-85D0FFE3916D}
2011-07-17 18:35 - 2011-07-17 18:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AC3DF61D-2DE3-41B9-B4A9-239938F825C7}
2011-07-06 09:24 - 2011-07-06 09:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{B2A65E21-ED83-41A4-BDF9-6898D2BD17C7}
2011-08-01 11:03 - 2011-08-01 11:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BC517638-F267-4F06-926C-C1BBB488A79F}
2011-06-19 13:12 - 2011-06-19 13:12 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BDA60C25-42C9-4EC4-9957-33B1206E85A2}
2011-11-09 22:01 - 2011-11-09 22:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{C102085D-C45E-4EA1-B94A-70AD439FE9EA}
2011-10-12 12:33 - 2011-10-12 12:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CDD78E85-8B3D-43A0-B667-60152FD93FA4}
2011-12-16 08:45 - 2011-12-16 08:45 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CEC7DA45-826C-4850-8A58-567EC29FC7D4}
2011-09-14 19:41 - 2011-09-14 19:41 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D161D418-F4E5-4391-A183-9A90BA48F3AD}
2011-06-24 12:21 - 2011-06-24 12:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D5119CE5-BDA0-4DDC-AAAF-21CCABC1C9DD}
2011-11-03 18:17 - 2011-11-03 18:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D82FFAB7-3D57-49A8-8D08-5AFE6035D856}
2012-01-09 11:33 - 2012-01-09 11:34 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DAB70909-1C31-4C50-BA6D-8A1DBC16C007}
2011-06-11 17:02 - 2011-06-11 17:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DB4E76D0-D1A0-4DED-9618-FBC8D03F53C2}
2011-06-10 18:00 - 2011-06-10 18:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DC29E31A-B235-4BC6-A04B-0D1810A2B392}
2011-09-19 18:06 - 2011-09-19 18:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DF19300C-A2C8-4C8B-AA5F-2FDEA33BA72A}
2011-10-10 22:01 - 2011-10-10 22:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E1D28314-940E-4F2E-950F-7B627D0F8245}
2011-06-23 16:59 - 2011-06-23 16:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E3048784-D47B-4F95-BCB2-17CAC094F43A}
2011-07-31 11:49 - 2011-07-31 11:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E467D0D2-A4F5-469E-A910-783FD1A073CE}
2011-12-04 16:38 - 2011-12-04 16:38 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E58633B9-ACF2-4DF5-B796-C6E479EF246D}
2011-10-14 16:21 - 2011-10-14 16:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{EAD67AE9-0963-41F1-B934-5FB345612BE3}
2011-09-16 10:57 - 2011-09-16 10:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F3CC78FF-402B-4FF3-A996-24ED5C370D3F}
2011-06-24 12:17 - 2011-06-24 12:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F5C3197E-C3C0-42C9-BE75-9A8896599CD3}
2011-12-17 11:16 - 2011-12-17 11:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{FB2FD8B0-9BAB-4F35-9EE2-00E8FC1372C6}

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Günter Meier\ger21008.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-24 21:57

==================== Ende vom FRST.txt ============================
         
--- --- ---

Addition.txt:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Günter Meier (2015-10-20 16:18:38)
Gestartet von E:\winguenter\bin
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-10-24 08:10:48)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3597727890-3998022267-917300989-500 - Administrator - Disabled)
Gast (S-1-5-21-3597727890-3998022267-917300989-501 - Limited - Enabled)
Günter Meier (S-1-5-21-3597727890-3998022267-917300989-1000 - Administrator - Enabled) => C:\Users\Günter Meier
UpdatusUser (S-1-5-21-3597727890-3998022267-917300989-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}_Adobe Reader 9 - Deutsch) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Browser 7 der Telekom 39.0.15 (x86 de) (HKLM\...\Browser 7 der Telekom 39.0.15 (x86 de)) (Version: 39.0.15 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM\...\Browser7MaintenanceService) (Version: 33.1.17 - Deutsche Telekom AG)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MG8200 series Benutzerregistrierung (HKLM\...\Canon MG8200 series Benutzerregistrierung) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - )
Canon MG8200 series On-screen Manual (HKLM\...\Canon MG8200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CHIPDRIVE Smartcard Commander (HKLM\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version:  - SCM Microsystems)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
Duden Korrektor (HKLM\...\InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor (Version: 5.00.1507.00 - Duden) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
GEAR 32bit Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{9509674F-3972-11DE-806D-005056806466}) (Version: 5.0.11733.9347 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Herrnhuter Losungen (HKLM\...\{2DEEC41F-02B0-4BC4-819A-2355E8B1C398}) (Version: 3.4.0 - Evang. Brüderunität Herrnhut)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
LightScribe  1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Bibel 12.07.02 (HKLM\...\OnlineBible) (Version:  - )
Online Bibel 12.07.02 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\OnlineBible) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.30 (HKLM\...\{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}) (Version: 3.30.0 - dotPDN LLC)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SCR3xx USB Smart Card Reader (HKLM\...\{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}) (Version: 8.18.0001 - SCM Microsystems)
simfy (HKLM\...\Simfy) (Version: 1.4.8 - simfy GmbH)
simfy (Version: 1.4.8 - simfy GmbH) Hidden
simplitec Power Suite (HKLM\...\simplitec POWER SUITE_is1) (Version: 2.3.2.873 - simplitec GmbH)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney (Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM\...\{BEA4756B-BD9D-49AA-9260-C496B3D8F8E1}) (Version: 10 - Star Finanz GmbH)
StarMoney 6.0 S-Edition (HKLM\...\{60459C52-DCD5-408F-925E-4AD20D9DAFD8}) (Version: 6.0 - StarFinanz GmbH)
StarMoney 9.0  (HKLM\...\{172EC92E-003F-47B8-8E38-00A3FD455467}) (Version:  - )
StarMoney 9.0  (HKLM\...\{2262CF96-D326-4926-885E-AA3B7E4E7368}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 3 (HKLM\...\TeamViewer 3) (Version:  - TeamViewer GmbH)
TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2C9357FA-97F8-4213-B712-A4CCF03AE379}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\AlexaWebSearch.dll (Bitmanagement)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{44EA0FF7-08B7-4B7F-A594-F7F94A2B60F7}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\GoogleSearch.dll (SpaceTime)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5D052CD7-6CAE-463C-99FF-0159EABFE66E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\SpaceTime3D.ocx (SpaceTime 3D, Inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9919BE4D-9E6F-4732-9E4E-5F83ABB62FEB}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\wavdest.ax ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B3C985DA-45C2-417D-B11B-6E6484A725F1}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\RSSSearch.dll (SpaceTime3D inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{BF9A5794-8AF5-46FA-8865-EAF65CD654A8}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CB27DAA3-E581-4777-A725-F32B47EDBDCF}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D6F407CF-E8AE-469D-9FC7-1DECAEDAAD9A}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\earthps.dll ()

==================== Wiederherstellungspunkte =========================

29-09-2015 18:45:25 Windows Update
03-10-2015 22:16:11 Windows Update
06-10-2015 22:08:05 Windows Update
08-10-2015 19:32:53 Windows Update
12-10-2015 17:32:09 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:33:54 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:35:46 Removed Adobe Reader XI (11.0.11) - Deutsch.
13-10-2015 14:07:29 Windows Update
13-10-2015 17:15:19 Removed simfy
14-10-2015 13:12:23 Wiederherstellungsvorgang
14-10-2015 13:30:34 Removed simfy
14-10-2015 14:16:04 Windows Update
14-10-2015 18:52:43 Windows Update
15-10-2015 17:56:52 Windows Update
17-10-2015 14:04:53 Wiederherstellungsvorgang
17-10-2015 16:24:23 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 12:23 - 2015-10-13 17:14 - 00000763 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00D58F06-E0E1-4A74-9DCC-17ED108F0BEB} - System32\Tasks\{47C57D00-1548-4256-9285-CBEED6687977} => pcalua.exe -a H:\setup.exe -d H:\ -c autorun
Task: {0588BB0D-C82E-4CC1-92A1-4224DA648CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0E9F0C20-BCE3-499C-A966-F734C28C163E} - System32\Tasks\{8FE32562-C235-4FAB-9A6D-03D63CA7D940} => pcalua.exe -a C:\Windows\System32\config\systemprofile\Downloads\browser7_setup(1).exe -d C:\Windows\System32\config\systemprofile\Downloads
Task: {1104AA23-EFC9-449A-80B1-8D2AC7522A6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {14E7FE71-8001-4321-89D5-08F1290FB27F} - System32\Tasks\{CE475AAD-AFC9-42A3-9D97-A57126633DF0} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\aomwin200ea24.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F743136-E9A5-4E4F-93EA-600712E0DC7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {220210B8-C66A-44C3-9E69-2CC5ADC162CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2A893B50-DD57-4382-AA0F-6BF75F24EE12} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe [2015-09-04] (simplitec GmbH)
Task: {2D80F328-4163-4F70-8A20-E3DA5EE5DC86} - System32\Tasks\{6B8F0279-9C50-4EDB-BFC5-881052B5558C} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {38E40A51-8080-4086-82A7-ADE3C56521D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3FD8EA5F-ED3E-4A8E-A9E8-17FED68D3BCF} - System32\Tasks\{D6456F15-B695-4531-A08C-703557131E8B} => pcalua.exe -a D:\smoney_m_18_0_01234567_0000011022_j_.exe -d D:\
Task: {4BA14185-3A0A-425D-B5F8-F67D75F2F8F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {4C2F9702-1EE5-473A-A1D7-6E20635A84B8} - System32\Tasks\{515B8E38-020F-42EF-BBA0-FF5772AA7ACE} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {4E109E6D-3616-4CCD-BE29-95646479A919} - System32\Tasks\{151811DA-8574-4F07-B4E3-BC0CC70C5210} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5DCBDA99-E748-4AB4-BEE6-ACD450989D75} - System32\Tasks\{D5DC5CA7-AF3F-444F-8CAE-BF2020269A3A} => pcalua.exe -a "C:\Program Files\Bible\OlbDel.Exe" -c "Online Bibel" "Online Bibel" "C:\Users\Günter Meier\Documents\Bible\" "C:\Users\Public\Documents\Online Bible\"
Task: {5E2CC2C0-064B-4059-B917-4D504F3AACD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63AE1EE3-64C8-48DE-9C54-45711309E921} - System32\Tasks\{9C90A1E7-FADF-400F-B72A-CBE75816D972} => pcalua.exe -a "C:\bibel digital\mfbo2a32.exe" -d C:\Windows\system32\config\systemprofile\Desktop
Task: {71890D32-2507-4406-A13F-F2BDF9323AE4} - System32\Tasks\simplitec Power Suite => C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe [2015-09-04] (simplitec GmbH)
Task: {75D3157F-439F-4E84-924A-FA650AB4F69A} - System32\Tasks\{A7B6B988-1FC5-42A4-BD45-CD7EE5F1C1DA} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {848A33C2-A5F0-497A-B08C-EAC01706C1E8} - System32\Tasks\{A2D23527-3082-44BC-8390-0526D67B3D46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {8B815B25-1B02-4957-A89E-2A3E1321533E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8E3BF495-571E-40DD-B913-C302BD618019} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {911023DE-5FF7-409F-A38A-476275210A5B} - System32\Tasks\{F5595CA3-EF8C-4FF9-9CC8-3F5BFDE3A806} => pcalua.exe -a I:\InstallTomTomHOME.exe -d I:\
Task: {96EDA8E3-5C17-4AF4-9537-3FF2530B08E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A61C90FA-B985-462E-A804-70558A90C134} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Günter Meier => C:\Program Files\Windows Calendar\WinCal.exe
Task: {A64AE6AE-1A92-403B-8196-EE4C17077740} - System32\Tasks\{88B1E977-17F5-4EAF-BA92-03B89D785644} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {C34D7B5A-DBEE-4220-AA8F-57CD980FDDDD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000UA => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {CB0E91C7-DAEF-4541-8AF5-29BAFA96EBFD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {D2AE73FE-E2C5-431A-918B-F03363307423} - System32\Tasks\{A37709E2-5C8D-4187-ACBD-0664905177B7} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02\_ISDel.exe" -d "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02"
Task: {D57B9C09-4511-4F89-93BE-71AF5F9DCACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DBCEE112-EA9A-4F16-9C36-EE9EF50D3571} - System32\Tasks\{6EA55286-8D0E-467A-9FB0-F5B315B5ABA8} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\wmp11-windowsxp-x86-DE-DE.exe" -d "C:\Users\Günter Meier\Downloads"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED4CB7E8-51FB-4A5C-B797-622CD46DAF23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FBB31E70-84F8-4478-8FCA-7B0A64BD4336} - System32\Tasks\{B09EF877-27B6-4235-882D-C184CF3EF917} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\GER_R_FUL_AV.exe" -d "C:\Users\Günter Meier\Downloads"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core.job => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000UA.job => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\simplitec Power Suite (Tray).job => C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
Task: C:\Windows\Tasks\simplitec Power Suite.job => C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-05-04 13:10 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-07-08 15:56 - 2015-09-04 14:11 - 00101120 _____ () C:\Program Files\simplitec\simplitec Power Suite\modules\common\asp_ipc32.dll
2015-07-08 15:56 - 2015-05-06 16:54 - 02228224 _____ () C:\Program Files\simplitec\simplitec Power Suite\MFL_rel_u_vc12.dll
2015-07-29 22:45 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 10\ouservice\PATCHW32.dll
2014-08-09 12:36 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll
2013-03-21 20:24 - 2013-03-21 20:24 - 00222368 _____ () C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
2015-07-24 10:49 - 2015-07-24 10:49 - 00773592 _____ () C:\Program Files\Amazon Browser Bar\search_protect.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00317560 ____N () C:\Program Files\Common Files\G DATA\AVKProxy\PktIcpt2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Günter Meier\Documents\Fotovorlagen:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> amazon.de
IE trusted site: HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\amazon.de -> amazon.de


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{DB1B0F8C-F8B0-4EDB-8050-9903D99C271E}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [TCP Query User{D2ED50E5-ECBA-4948-A737-CD574422ED83}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [UDP Query User{BC1B4E24-7EBD-4EC5-8594-55F8ACBD8274}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{040CD7D5-ECE8-49EE-8A50-977C4F681C43}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D6F4D7DB-4845-47F1-8E55-8DA46042BA13}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{C87F02C0-6E69-4D92-8920-9E65E63E4FAD}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{C7D6D316-A356-4310-AD6B-4981B9F8B777}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{DE344125-C3EF-4BAD-B2DA-A1599E5EB1BB}] => (Allow) svchost.exe
FirewallRules: [{A50D645D-011F-492D-BF38-EB7A6863AAFC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [UDP Query User{B8EF7B60-2422-4342-975E-B6A2067C6871}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [TCP Query User{ADEC9F8E-8625-48A4-8A60-2D04234396AE}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [{4FDB4FE1-D932-4439-B87F-6A438835C552}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1405F477-C137-4B8B-BACB-752782BF0BC4}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6E52F4DD-1DB8-41B7-9EF9-C1720B1071EB}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{F450EACA-F7F1-4C16-A862-CF5650E61586}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{61D8180E-69E0-44D0-9825-CC55CF9E77C6}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4A8ADBAB-8CB2-412F-9430-A58A7062D98A}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7ED9393A-D714-4C67-9066-BF5760279FD2}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{2B44D336-9058-41C8-A627-DC2FDDC1806E}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{80368D74-E7DB-4F7D-9F02-FE106A76A00C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A79CA6CC-A682-419D-89DB-DAFEC93D724D}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{FA0986BF-4915-4DED-8AA2-F7586A6F7D5F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B17CA17F-6034-4B49-8DB8-0FEADF7E93F0}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{AF7D77F4-EE2A-42EB-8D13-DE4BAA176B5C}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{8839229D-A821-4495-B79D-C6C553E3B29B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{AD490351-CD10-40EA-BEDE-0B79B2C331DC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1D8D05B8-D46B-4950-A9EA-85D92F3AC71E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{426AFD31-A30C-4BF1-9A5A-F7DBC1566220}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5CC9264A-17A9-4A6D-9838-E6D64973F460}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA888CC4-0283-403E-AE44-9D88A46A0B0F}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{BCB71965-94DE-47A3-A9D1-C5C6D2D725D6}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1861CF61-4EE2-419C-A3AC-45A526472F52}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{9B399FA5-CE50-4C73-9E33-32D5720D2CC2}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{44117AEF-EC60-4924-8622-141C42DBFD8C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1B8582D3-9153-4A84-81D8-2E2FA904916A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6DC934A1-CABE-47C3-BBDB-E667D26D3764}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C5467E3-0AB4-4B05-BFC8-814A14D88C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E237F61-D6B4-483C-8DC3-5C4AAAC08574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{113776B5-2BE7-429B-81AD-DFA7850A78F3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{45F2DD33-BBFF-4866-B9F7-8717AF298B0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7936D596-1165-4FC0-9D83-E8E564CCA25E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE1557E-0267-4A9F-A333-F610BFFFF2BF}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{B72C2DE3-F7AA-4039-AEA3-8BB23726543C}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{0499696A-7CFA-4E00-828B-6676988C9DDB}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{CA378E91-2269-4F8E-BACA-3192532B1733}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4E1E623C-3507-4E41-9191-EF317A05B33E}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{1C0E5D20-0F39-4ED0-9D73-DF44A2AFC3A5}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{D998154B-4F5B-4463-BCAC-F41B4C4A1B74}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{5F41C9C5-062A-4596-97B6-DFBBC6F0DC27}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{7D72ECE0-A4AC-4AFD-ADFA-3227298E9BC1}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{603A4EB2-8FEA-47A0-BEBD-5A84320106B6}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{BD375068-A645-4810-A32E-ABD60014A60E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{9FEE394B-0061-4D96-A2E2-76639C645CA1}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{5DE97CF7-47B0-481A-97A9-687C8F0A499E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{1414BB0A-2983-49C1-9CA9-D75704B9C143}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{7370E5AC-5D97-4D83-B08C-5670587B2597}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{88FA3FBE-7657-42DB-82D2-DED836237376}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{782E3989-2D24-41B6-BB25-C48C3B5A2CC2}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{61AEEFA5-E66E-410B-8EB3-C8D9EC32B8B4}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{9FD6D478-AA5F-4ACD-80D1-AEA25B738887}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{72A6D150-1990-4F46-A338-7AA7CC7D3EDC}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{E8ABAB9E-FE3C-41CF-9CEA-4ADBF486523C}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/18/2015 06:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Browser7.exe, Version: 39.0.3.5700, Zeitstempel: 0x55c88cd2
Name des fehlerhaften Moduls: xul.dll, Version: 39.0.3.5700, Zeitstempel: 0x55c88e9c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b1ba22
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xBrowser7.exe0
Pfad der fehlerhaften Anwendung: Browser7.exe1
Pfad des fehlerhaften Moduls: Browser7.exe2
Berichtskennung: Browser7.exe3

Error: (10/17/2015 05:32:25 PM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: Can not connect to Process Manager (0)

Error: (10/17/2015 03:47:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6500}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 02:00:07 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option


Systemfehler:
=============
Error: (10/20/2015 04:07:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/20/2015 04:07:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053GDFwSvc-Service{1DED95CA-C567-464A-B405-087EDDF0B095}

Error: (10/20/2015 04:07:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Personal Firewall erreicht.

Error: (10/18/2015 05:54:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:54:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:51:56 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:51:56 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:44:58 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:44:58 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR33x USB Smart Card Reader 00x31200012 00 0a 20

Error: (10/18/2015 05:15:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎18.‎10.‎2015 um 17:10:00 unerwartet heruntergefahren.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 2046.49 MB
Verfügbarer physikalischer RAM: 1158.08 MB
Summe virtueller Speicher: 4092.98 MB
Verfügbarer virtueller Speicher: 2703.4 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.35 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (KINGSTON) (Removable) (Total:58.58 GB) (Free:58.44 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7AFE7AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 58.6 GB) (Disk ID: C9D93779)
Partition 1: (Active) - (Size=58.6 GB) - (Type=0C)

==================== Ende vom Addition.txt ============================
         

20.10.2015, 16:17   #2
tb87

gmer.txt:

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-10-20 16:55:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000062 320820AS_____________________________ rev.AD___ 298,09GB
Running: gmer.exe; Driver: C:\Windows\TEMP\ufdiapow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwReplaceKey + 1525                                                                                                                                                                             82480B55 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                       824BABB2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe[2180] kernel32.dll!SetUnhandledExceptionFilter                                                                                          76A7F5FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                     fltmgr.sys

---- Threads - GMER 2.1 ----

Thread          System [4:4884]                                                                                                                                                                                              AC150F2E

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT                                                                                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth                                                                                                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                                                                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002                                                                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext                                                                                                                 0x02 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type                                                                                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Scans Before Out of Range                                                                                                     8
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SCO Max Channels                                                                                                              2
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Store Link Key COD Masks                                                                                                      0x00 0x00 0x1F 0x43 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicLinkName                                                                                                              \??\USB#VID_0A12&PID_0001#5&19888c23&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicName                                                                                                                  \??\USB#VID_0A12&PID_0001#5&19888c23&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003                                                                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@BackupContext                                                                                                                 0x02 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@COD Type                                                                                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Scans Before Out of Range                                                                                                     8
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SCO Max Channels                                                                                                              2
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Store Link Key COD Masks                                                                                                      0x00 0x00 0x1F 0x43 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicLinkName                                                                                                              \??\USB#VID_0A12&PID_0001#5&19888c23&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicName                                                                                                                  \??\USB#VID_0A12&PID_0001#5&19888c23&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)                                                                                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)                                                                                                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)                                                                                                                
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002 (not active ControlSet)                                                                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext                                                                                                                     0x02 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type                                                                                                                          1
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Scans Before Out of Range                                                                                                         8
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SCO Max Channels                                                                                                                  2
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Store Link Key COD Masks                                                                                                          0x00 0x00 0x1F 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicLinkName                                                                                                                  \??\USB#VID_0A12&PID_0001#5&19888c23&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicName                                                                                                                      \??\USB#VID_0A12&PID_0001#5&19888c23&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003 (not active ControlSet)                                                                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@BackupContext                                                                                                                     0x02 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@COD Type                                                                                                                          1
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Scans Before Out of Range                                                                                                         8
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SCO Max Channels                                                                                                                  2
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Store Link Key COD Masks                                                                                                          0x00 0x00 0x1F 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicLinkName                                                                                                                  \??\USB#VID_0A12&PID_0001#5&19888c23&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicName                                                                                                                      \??\USB#VID_0A12&PID_0001#5&19888c23&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll                                                                                  
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe                          0x49 0x7F 0xDD 0x0B ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe       0x91 0x14 0x82 0xF5 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe  0x4C 0xC7 0xB5 0x22 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe                       0x93 0x66 0x5C 0x5C ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Fighters\SLOW-PCfighter\UI.exe             0x42 0xCF 0xD1 0x2D ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\spool\drivers\w32x86\3\CNMXPVAV.EXE     0xAC 0xEE 0x56 0x42 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\ehshell.exe                                0xAC 0xB4 0x34 0x51 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\ehrec.exe                                  0x96 0x93 0x20 0x58 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe   0xB9 0xD7 0x34 0x4B ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll                                                                                       
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTel\wicainventory.exe                  0x37 0xC9 0x01 0x55 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe                                 0x81 0x81 0x22 0xD8 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe                                  0xB6 0xE9 0xFB 0x0F ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe       0xC8 0x6E 0xF0 0x23 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe           0x36 0xA6 0xDA 0xFD ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe                     0x11 0x11 0x5D 0xAF ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\StarMoney 10\app\StarMoney.exe                  0x49 0x55 0x71 0xC4 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\aitstatic.exe                                0xD9 0x45 0xE1 0xAE ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                                                                                                           
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@EE6EFC6B                                                                                                                  5529
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PowerTracker\Data\2015-10-20@AC_MonitorOn_Duration                                                                                                         0x47 0x04 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PowerTracker\Data\2015-10-20@AC_MonitorOff_Duration                                                                                                        0x01 0x00 0x00 0x00 ...

---- EOF - GMER 2.1 ----
         

During the GMER run, this error message appeared several times:


Only "Cancel" worked; I had to click it a few times each time, then it carried on.



Many thanks in advance for the support,
Tom

Edited by tb87 (20.10.2015 at 16:19). Reason: rm recursive code

20.10.2015, 17:03   #3
schrauber
/// the machine
/// TB-Ausbilder

Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please run mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instruction from a helper.

Please download TDSSKiller.exe and save this file to the desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

20.10.2015, 19:18   #4
tb87

Hello Schrauber,

Thanks for taking the time!

Malwarebytes Anti-Rootkit says: "Congratulations, no cleanup is required! Scan finished, No malware found!"

mbar.log:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.10.20.05
  rootkit: v2015.10.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18059
Günter Meier :: GÜNTER-PC [administrator]

20.10.2015 19:19:54
mbar-log-2015-10-20 (19-19-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 370268
Time elapsed: 44 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
And TDSSKiller.log:

Code:
20:08:51.0162 0x17c0  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
20:08:56.0045 0x17c0  ============================================================
20:08:56.0045 0x17c0  Current date / time: 2015/10/20 20:08:56.0045
20:08:56.0045 0x17c0  SystemInfo:
20:08:56.0045 0x17c0  
20:08:56.0045 0x17c0  OS Version: 6.1.7601 ServicePack: 1.0
20:08:56.0045 0x17c0  Product type: Workstation
20:08:56.0045 0x17c0  ComputerName: GÜNTER-PC
20:08:56.0045 0x17c0  UserName: Günter Riewesel
20:08:56.0045 0x17c0  Windows directory: C:\Windows
20:08:56.0045 0x17c0  System windows directory: C:\Windows
20:08:56.0045 0x17c0  Processor architecture: Intel x86
20:08:56.0045 0x17c0  Number of processors: 2
20:08:56.0045 0x17c0  Page size: 0x1000
20:08:56.0045 0x17c0  Boot type: Normal boot
20:08:56.0045 0x17c0  ============================================================
20:08:56.0248 0x17c0  KLMD registered as C:\Windows\system32\drivers\38436213.sys
20:08:56.0653 0x17c0  System UUID: {D512EFEF-81EA-3B1B-B267-B0F8D94770F2}
20:08:57.0231 0x17c0  !crdlk
20:08:57.0246 0x17c0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:08:57.0371 0x17c0  Drive \Device\Harddisk5\DR5 - Size: 0xEA7140000 ( 58.61 Gb ), SectorSize: 0x200, Cylinders: 0x1DE3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:08:57.0371 0x17c0  ============================================================
20:08:57.0371 0x17c0  \Device\Harddisk0\DR0:
20:08:57.0387 0x17c0  MBR partitions:
20:08:57.0387 0x17c0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
20:08:57.0387 0x17c0  \Device\Harddisk5\DR5:
20:08:57.0387 0x17c0  MBR partitions:
20:08:57.0387 0x17c0  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x7536A80
20:08:57.0387 0x17c0  ============================================================
20:08:57.0433 0x17c0  C: <-> \Device\Harddisk0\DR0\Partition1
20:08:57.0433 0x17c0  ============================================================
20:08:57.0433 0x17c0  Initialize success
20:08:57.0433 0x17c0  ============================================================
20:09:45.0606 0x1260  ============================================================
20:09:45.0606 0x1260  Scan started
20:09:45.0606 0x1260  Mode: Manual; SigCheck; TDLFS; 
20:09:45.0606 0x1260  ============================================================
20:09:45.0606 0x1260  KSN ping started
20:09:45.0825 0x1260  KSN ping finished: false
20:09:46.0511 0x1260  ================ Scan system memory ========================
20:09:46.0511 0x1260  System memory - ok
20:09:46.0511 0x1260  ================ Scan services =============================
20:09:46.0714 0x1260  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:09:46.0995 0x1260  1394ohci - ok
20:09:47.0073 0x1260  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:09:47.0119 0x1260  ACPI - ok
20:09:47.0151 0x1260  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:09:47.0213 0x1260  AcpiPmi - ok
20:09:47.0260 0x1260  [ 18214C7B97AE093A6631A2FBA4129F68, 60081E3BB2AEFBE08D1DC3035B7BAD3EF60EAF66256E5ABEAE07EAD9DEF78B8F ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
20:09:47.0322 0x1260  ADIHdAudAddService - ok
20:09:47.0478 0x1260  [ F6CEFEF46986DE02A3AE5D93AE32B5DC, 903EC5A7B40F4F6B2F3378EFFE8DF28667B88061CDF681C44F2E4FE39B62959E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:09:47.0509 0x1260  AdobeARMservice - ok
20:09:47.0619 0x1260  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:47.0650 0x1260  AdobeFlashPlayerUpdateSvc - ok
20:09:47.0712 0x1260  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:09:47.0775 0x1260  adp94xx - ok
20:09:47.0821 0x1260  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:09:47.0853 0x1260  adpahci - ok
20:09:47.0899 0x1260  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:09:47.0931 0x1260  adpu320 - ok
20:09:47.0993 0x1260  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:09:48.0040 0x1260  AeLookupSvc - ok
20:09:48.0102 0x1260  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
20:09:48.0180 0x1260  AFD - ok
20:09:48.0243 0x1260  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:09:48.0274 0x1260  agp440 - ok
20:09:48.0321 0x1260  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:09:48.0352 0x1260  aic78xx - ok
20:09:48.0414 0x1260  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
20:09:48.0461 0x1260  ALG - ok
20:09:48.0508 0x1260  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:09:48.0539 0x1260  aliide - ok
20:09:48.0555 0x1260  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:09:48.0586 0x1260  amdagp - ok
20:09:48.0601 0x1260  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:09:48.0633 0x1260  amdide - ok
20:09:48.0695 0x1260  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:09:48.0742 0x1260  AmdK8 - ok
20:09:48.0757 0x1260  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:09:48.0804 0x1260  AmdPPM - ok
20:09:48.0835 0x1260  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:09:48.0867 0x1260  amdsata - ok
20:09:48.0913 0x1260  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:09:48.0960 0x1260  amdsbs - ok
20:09:48.0991 0x1260  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:09:49.0007 0x1260  amdxata - ok
20:09:49.0069 0x1260  [ FE4F2ADE5DBB3B888E9EB0A1FBA1F152, B17053A912C73835A2E80176D79885B530E15240B988125114B6B877C903D61C ] AppID           C:\Windows\system32\drivers\appid.sys
20:09:49.0116 0x1260  AppID - ok
20:09:49.0147 0x1260  [ A4DA304773AC1396792C5DE1D1EB601A, ECD23FF67FB1C4B94DBE23F6724E2DA0917CE0E479DE9C9F790A8635A2234950 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:09:49.0194 0x1260  AppIDSvc - ok
20:09:49.0241 0x1260  [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo         C:\Windows\System32\appinfo.dll
20:09:49.0303 0x1260  Appinfo - ok
20:09:49.0350 0x1260  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:09:49.0381 0x1260  arc - ok
20:09:49.0397 0x1260  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:09:49.0428 0x1260  arcsas - ok
20:09:49.0553 0x1260  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:09:49.0584 0x1260  aspnet_state - ok
20:09:49.0647 0x1260  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:09:49.0725 0x1260  AsyncMac - ok
20:09:49.0787 0x1260  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:09:49.0834 0x1260  atapi - ok
20:09:49.0896 0x1260  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:09:49.0990 0x1260  AudioEndpointBuilder - ok
20:09:50.0037 0x1260  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:09:50.0083 0x1260  Audiosrv - ok
20:09:50.0333 0x1260  [ 6CC48A2B2A2A52FACC19259E5B304590, 3010BFD6310EDCEA34BDBFE57E92FE67A3358496F6F694B2A34E393531955621 ] AVKProxy        C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
20:09:50.0489 0x1260  AVKProxy - ok
20:09:50.0661 0x1260  [ BCC79D1E0605ABE4B58A9DEE696982A5, 7619EDBB1ABEE4A1B3476D42BCD718876C5BE7F7A4B972414D45F2540F17C665 ] AVKService      C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
20:09:50.0723 0x1260  AVKService - ok
20:09:50.0926 0x1260  [ 356CDC46C154922B2D8B9575E368FE72, C936E6D7A062C979D4F72E2D5BC1BC67EFD137E689A4BD79E6FBB2AE44EB20D4 ] AVKWCtl         C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
20:09:51.0113 0x1260  AVKWCtl - ok
20:09:51.0191 0x1260  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:09:51.0238 0x1260  AxInstSV - ok
20:09:51.0300 0x1260  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:09:51.0378 0x1260  b06bdrv - ok
20:09:51.0425 0x1260  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:09:51.0472 0x1260  b57nd60x - ok
20:09:51.0534 0x1260  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
20:09:51.0581 0x1260  BDESVC - ok
20:09:51.0612 0x1260  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:09:51.0706 0x1260  Beep - ok
20:09:51.0768 0x1260  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
20:09:51.0846 0x1260  BFE - ok
20:09:51.0909 0x1260  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
20:09:52.0033 0x1260  BITS - ok
20:09:52.0065 0x1260  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:09:52.0096 0x1260  blbdrive - ok
20:09:52.0174 0x1260  [ 73686FE0B2E0469F89FD2075BE724704, 4BC5BBA7ACB5BDA77251B82B9CF16C6A9EBBCC29760860A0F37ABDDF9288143F ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:09:52.0205 0x1260  Bonjour Service - detected UnsignedFile.Multi.Generic ( 1 )
20:09:52.0345 0x1260  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
20:09:52.0377 0x1260  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:09:52.0408 0x1260  bowser - ok
20:09:52.0423 0x1260  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:09:52.0470 0x1260  BrFiltLo - ok
20:09:52.0517 0x1260  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:09:52.0548 0x1260  BrFiltUp - ok
20:09:52.0595 0x1260  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
20:09:52.0657 0x1260  Browser - ok
20:09:52.0751 0x1260  [ 1074AF83E1EB80D4C6C813DB7FD63653, C264E4E542292E90BD0699D8C91AE5D93C17581100F4C7AFF1DC94CD330E89B8 ] Browser7Maintenance C:\Program Files\Browser 7 Maintenance Service\maintenanceservice.exe
20:09:52.0782 0x1260  Browser7Maintenance - ok
20:09:52.0829 0x1260  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:09:52.0891 0x1260  Brserid - ok
20:09:52.0938 0x1260  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:09:53.0001 0x1260  BrSerWdm - ok
20:09:53.0032 0x1260  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:09:53.0063 0x1260  BrUsbMdm - ok
20:09:53.0079 0x1260  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:09:53.0125 0x1260  BrUsbSer - ok
20:09:53.0157 0x1260  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:09:53.0203 0x1260  BTHMODEM - ok
20:09:53.0235 0x1260  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
20:09:53.0313 0x1260  bthserv - ok
20:09:53.0359 0x1260  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:09:53.0437 0x1260  cdfs - ok
20:09:53.0500 0x1260  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:09:53.0547 0x1260  cdrom - ok
20:09:53.0593 0x1260  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:09:53.0671 0x1260  CertPropSvc - ok
20:09:53.0703 0x1260  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:09:53.0749 0x1260  circlass - ok
20:09:53.0796 0x1260  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
20:09:53.0843 0x1260  CLFS - ok
20:09:53.0921 0x1260  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:53.0952 0x1260  clr_optimization_v2.0.50727_32 - ok
20:09:53.0999 0x1260  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:54.0046 0x1260  clr_optimization_v4.0.30319_32 - ok
20:09:54.0077 0x1260  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:09:54.0124 0x1260  CmBatt - ok
20:09:54.0155 0x1260  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:09:54.0186 0x1260  cmdide - ok
20:09:54.0249 0x1260  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
20:09:54.0311 0x1260  CNG - ok
20:09:54.0342 0x1260  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:09:54.0373 0x1260  Compbatt - ok
20:09:54.0436 0x1260  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:09:54.0467 0x1260  CompositeBus - ok
20:09:54.0498 0x1260  COMSysApp - ok
20:09:54.0529 0x1260  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:09:54.0561 0x1260  crcdisk - ok
20:09:54.0607 0x1260  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:09:54.0670 0x1260  CryptSvc - ok
20:09:54.0732 0x1260  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:09:54.0810 0x1260  DcomLaunch - ok
20:09:54.0857 0x1260  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
20:09:54.0935 0x1260  defragsvc - ok
20:09:54.0982 0x1260  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:09:55.0060 0x1260  DfsC - ok
20:09:55.0122 0x1260  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:09:55.0200 0x1260  Dhcp - ok
20:09:55.0309 0x1260  [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack       C:\Windows\system32\diagtrack.dll
20:09:55.0419 0x1260  DiagTrack - ok
20:09:55.0450 0x1260  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
20:09:55.0512 0x1260  discache - ok
20:09:55.0559 0x1260  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:09:55.0590 0x1260  Disk - ok
20:09:55.0637 0x1260  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:09:55.0684 0x1260  Dnscache - ok
20:09:55.0731 0x1260  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:09:55.0809 0x1260  dot3svc - ok
20:09:55.0855 0x1260  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
20:09:55.0949 0x1260  DPS - ok
20:09:55.0996 0x1260  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:09:56.0027 0x1260  drmkaud - ok
20:09:56.0105 0x1260  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:09:56.0199 0x1260  DXGKrnl - ok
20:09:56.0230 0x1260  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
20:09:56.0308 0x1260  EapHost - ok
20:09:56.0495 0x1260  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:09:56.0745 0x1260  ebdrv - ok
20:09:56.0791 0x1260  [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] EFS             C:\Windows\System32\lsass.exe
20:09:56.0823 0x1260  EFS - ok
20:09:56.0901 0x1260  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:09:56.0963 0x1260  ehRecvr - ok
20:09:56.0994 0x1260  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
20:09:57.0057 0x1260  ehSched - ok
20:09:57.0103 0x1260  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:09:57.0166 0x1260  elxstor - ok
20:09:57.0197 0x1260  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:09:57.0244 0x1260  ErrDev - ok
20:09:57.0306 0x1260  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
20:09:57.0400 0x1260  EventSystem - ok
20:09:57.0415 0x1260  ewusbnet - ok
20:09:57.0447 0x1260  ew_hwusbdev - ok
20:09:57.0493 0x1260  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:09:57.0587 0x1260  exfat - ok
20:09:57.0618 0x1260  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:09:57.0681 0x1260  fastfat - ok
20:09:57.0759 0x1260  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
20:09:57.0821 0x1260  Fax - ok
20:09:57.0868 0x1260  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:09:57.0915 0x1260  fdc - ok
20:09:57.0946 0x1260  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
20:09:58.0008 0x1260  fdPHost - ok
20:09:58.0039 0x1260  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:09:58.0117 0x1260  FDResPub - ok
20:09:58.0133 0x1260  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:09:58.0164 0x1260  FileInfo - ok
20:09:58.0180 0x1260  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:09:58.0258 0x1260  Filetrace - ok
20:09:58.0336 0x1260  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:09:58.0383 0x1260  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
20:09:58.0383 0x1260  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:09:58.0414 0x1260  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:09:58.0461 0x1260  flpydisk - ok
20:09:58.0507 0x1260  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:09:58.0539 0x1260  FltMgr - ok
20:09:58.0632 0x1260  [ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache       C:\Windows\system32\FntCache.dll
20:09:58.0726 0x1260  FontCache - ok
20:09:58.0788 0x1260  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:09:58.0819 0x1260  FontCache3.0.0.0 - ok
20:09:58.0866 0x1260  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:09:58.0897 0x1260  FsDepends - ok
20:09:58.0913 0x1260  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:09:58.0944 0x1260  Fs_Rec - ok
20:09:59.0007 0x1260  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:09:59.0053 0x1260  fvevol - ok
20:09:59.0100 0x1260  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:09:59.0131 0x1260  gagp30kx - ok
20:09:59.0209 0x1260  [ ED45E9A16610562C5A727715B4346404, A25C31EE37398066140D7195DB2E0809989AE209E5E4D765F48B412388332984 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
20:09:59.0241 0x1260  GDBehave - ok
20:09:59.0443 0x1260  [ 0D625E2F0EB33A98051D07C74DFA0340, B4C6747BC6603E7B3DAB0FB4EFDA2A71F51A3F9AA29F6AE5E3D7372C330B0348 ] GDFwSvc         C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
20:09:59.0599 0x1260  GDFwSvc - ok
20:09:59.0662 0x1260  [ 6322B54A21D32432FEAED1F8477D3399, 2A486063E1E8A248D25857E9614275A6792DC7B64AD4BA52BE9432CB6C364668 ] GDKBB           C:\Windows\system32\drivers\GDKBB32.sys
20:09:59.0693 0x1260  GDKBB - ok
20:09:59.0755 0x1260  [ 0A68BE0CAA1DA360A5FDD4B6AD24A5F6, 0F31F4E2928CC8BEC663E92DAD466A569DE30964F3F04A0E5A2CDDA6DBCFDF4D ] GDKBFlt         C:\Windows\system32\drivers\GDKBFlt32.sys
20:09:59.0787 0x1260  GDKBFlt - ok
20:09:59.0833 0x1260  [ 40BE38547E3F53E04F26DB375DB1227D, 6B91A805C9C39A64C7DC667AFC4F3D53749DADA756F508904A92A123F4029782 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
20:09:59.0865 0x1260  GDMnIcpt - ok
20:09:59.0943 0x1260  [ A7757940B3380343B378B5A1E7FBEF16, 7185FA497CE3BC546B9888E95168C2CC4FB5FC9A28EA101EBC6336EF7889CF6B ] GdNetMon        C:\Windows\system32\drivers\GdNetMon32.sys
20:09:59.0974 0x1260  GdNetMon - ok
20:10:00.0021 0x1260  [ 446FBDA0218AB95442365DA74BBD5201, D137558A02A4910E913A166974E3FCBCA6F26F242B739771474CC022FCE45999 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
20:10:00.0067 0x1260  GDPkIcpt - ok
20:10:00.0177 0x1260  [ 2FC204FF990827303D9184B390F5C15E, A194ACE75ADD2E105C1C5555621A2E4292617C37BA17070F88D4CA56B24D9291 ] GDScan          C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
20:10:00.0239 0x1260  GDScan - ok
20:10:00.0301 0x1260  [ A0775BDDD8B45D200C8B9B06DC0E304A, 11DFF8E9EC74C57C74AC81800611EE019E90104BF7F58599C8A1BF91E127B577 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
20:10:00.0333 0x1260  gdwfpcd - ok
20:10:00.0364 0x1260  [ 5DC17164F66380CBFEFD895C18467773, E1174E0F95E9F343528162EFF5D4BA60C68477353FC6BDA61C19134687F50906 ] GEARAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
20:10:00.0395 0x1260  GEARAspiWDM - ok
20:10:00.0457 0x1260  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:10:00.0551 0x1260  gpsvc - ok
20:10:00.0613 0x1260  [ DE640BC12C11DE49CE3392161AD4E64D, CD291205D8997DABD7154A5170B1D1A15E2B243270AD018F01864090DFFFBE24 ] GRD             C:\Windows\system32\drivers\GRD.sys
20:10:00.0645 0x1260  GRD - ok
20:10:00.0769 0x1260  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:10:00.0801 0x1260  gupdate - ok
20:10:00.0847 0x1260  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:10:00.0879 0x1260  gupdatem - ok
20:10:00.0910 0x1260  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:10:00.0972 0x1260  hcw85cir - ok
20:10:01.0019 0x1260  [ B40C06B5438716366F2CA6239A741F39, 2608DF7350D756346FA54C5938DD6A2FFC67065F7C6DB1E070F2FD7016D07A25 ] HCW88AUD        C:\Windows\system32\drivers\hcw88aud.sys
20:10:01.0050 0x1260  HCW88AUD - ok
20:10:01.0113 0x1260  [ 6C85512C2B958B2D0E82814915390050, 1FB1723835C5B048FC971D46C4EE8DE3E06D05D34081AE594A3921609BB422FE ] HCW88BDA        C:\Windows\system32\drivers\hcw88bda.sys
20:10:01.0175 0x1260  HCW88BDA - ok
20:10:01.0222 0x1260  [ D1B38599F3678F536EB61406F4F0DA6D, A6E5DF2774E4F2F1B0491B0CBF16189C3652D707BD1B0BE3A6B0B9CF83EA655E ] HCW88TSE        C:\Windows\system32\drivers\hcw88tse.sys
20:10:01.0284 0x1260  HCW88TSE - ok
20:10:01.0331 0x1260  [ 36BAA5ACE16BB31E2B0BFAF551AC9786, 40C3063316D29AC64BE63C066A1AF410958063E649866525CB675393FA4BEC05 ] HCW88TUNE       C:\Windows\system32\drivers\hcw88tun.sys
20:10:01.0362 0x1260  HCW88TUNE - ok
20:10:01.0409 0x1260  [ 2688CD88B87E0F5996ED4330E42D344A, 1B84C11EF3895BF81EC4CADA6038A55760B7D063119541B5B35D4649ABF5ACE9 ] hcw88vid        C:\Windows\system32\drivers\hcw88vid.sys
20:10:01.0487 0x1260  hcw88vid - ok
20:10:01.0518 0x1260  [ 462F10C8B88CDDEB2FDAA47FA34793BB, 4A0DBF7CE5211C5C483AA94F07699E7DC5AC48E2E8CC52EFFDC0003982F475F8 ] HCW88XBAR       C:\Windows\system32\drivers\HCW88BAR.sys
20:10:01.0565 0x1260  HCW88XBAR - ok
20:10:01.0627 0x1260  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:10:01.0674 0x1260  HdAudAddService - ok
20:10:01.0721 0x1260  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:10:01.0783 0x1260  HDAudBus - ok
20:10:01.0815 0x1260  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:10:01.0861 0x1260  HidBatt - ok
20:10:01.0893 0x1260  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:10:01.0955 0x1260  HidBth - ok
20:10:01.0986 0x1260  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:10:02.0049 0x1260  HidIr - ok
20:10:02.0080 0x1260  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
20:10:02.0127 0x1260  hidserv - ok
20:10:02.0189 0x1260  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:10:02.0220 0x1260  HidUsb - ok
20:10:02.0251 0x1260  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:10:02.0329 0x1260  hkmsvc - ok
20:10:02.0376 0x1260  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:10:02.0423 0x1260  HomeGroupListener - ok
20:10:02.0454 0x1260  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:10:02.0501 0x1260  HomeGroupProvider - ok
20:10:02.0548 0x1260  [ 965DF80FA281AEEB3487F75372F07468, 592752CA4C7B892F4448F821CCEE4EBDAC4C180A8A5417C14536138C1F65EBF4 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
20:10:02.0579 0x1260  HookCentre - ok
20:10:02.0641 0x1260  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:10:02.0673 0x1260  HpSAMD - ok
20:10:02.0719 0x1260  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:10:02.0766 0x1260  HTTP - ok
20:10:02.0813 0x1260  hwdatacard - ok
20:10:02.0844 0x1260  [ 448BB2FE30F1DDE9EAA4F0E87B52B687, 4CE66D5C6440C402FAD1C8E60F41352AFF01BBA680E66C4822CCCE8244A0E32B ] hwinterface     C:\Windows\system32\Drivers\hwinterface.sys
20:10:02.0875 0x1260  hwinterface - detected UnsignedFile.Multi.Generic ( 1 )
20:10:02.0875 0x1260  hwinterface ( UnsignedFile.Multi.Generic ) - warning
20:10:02.0922 0x1260  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:10:02.0938 0x1260  hwpolicy - ok
20:10:02.0985 0x1260  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:10:03.0031 0x1260  i8042prt - ok
20:10:03.0094 0x1260  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:10:03.0156 0x1260  iaStorV - ok
20:10:03.0203 0x1260  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:10:03.0234 0x1260  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:10:03.0234 0x1260  IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:10:03.0328 0x1260  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:10:03.0406 0x1260  idsvc - ok
20:10:03.0453 0x1260  IEEtwCollectorService - ok
20:10:03.0484 0x1260  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:10:03.0515 0x1260  iirsp - ok
20:10:03.0593 0x1260  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:10:03.0687 0x1260  IKEEXT - ok
20:10:03.0749 0x1260  [ D6782400E92C62ED2BF3AF8ED4753738, F393DED20A7F3E53BEBD832CD3158B539879B7E7E9DA3F94D64215072A5B050E ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
20:10:03.0765 0x1260  InputFilter_Hid_FlexDef2b - ok
20:10:03.0811 0x1260  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:10:03.0827 0x1260  intelide - ok
20:10:03.0889 0x1260  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:10:03.0936 0x1260  intelppm - ok
20:10:03.0967 0x1260  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:10:04.0045 0x1260  IPBusEnum - ok
20:10:04.0077 0x1260  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:10:04.0123 0x1260  IpFilterDriver - ok
20:10:04.0201 0x1260  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:10:04.0264 0x1260  iphlpsvc - ok
20:10:04.0295 0x1260  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:10:04.0342 0x1260  IPMIDRV - ok
20:10:04.0389 0x1260  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:10:04.0451 0x1260  IPNAT - ok
20:10:04.0498 0x1260  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:10:04.0545 0x1260  IRENUM - ok
20:10:04.0591 0x1260  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:10:04.0623 0x1260  isapnp - ok
20:10:04.0654 0x1260  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:10:04.0701 0x1260  iScsiPrt - ok
20:10:04.0747 0x1260  [ 92F8EFB088E617C17670E8C3F923180D, 50113A4666A648DA3872F7AEEC736AD1F6B7CD86FD07AB765FFC229CFD8B03EE ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
20:10:04.0794 0x1260  JRAID - ok
20:10:04.0841 0x1260  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:10:04.0872 0x1260  kbdclass - ok
20:10:04.0919 0x1260  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:10:04.0966 0x1260  kbdhid - ok
20:10:04.0981 0x1260  [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] KeyIso          C:\Windows\system32\lsass.exe
20:10:05.0028 0x1260  KeyIso - ok
20:10:05.0075 0x1260  [ 4476FE98AAF505ACDCD3EE6360AABEC1, 1573C5B9F1B12FEEE6D771AFF8969FB9D06878B1E0BECCD4AF13DA9F194FB256 ] KMWDFILTERx86   C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:10:05.0091 0x1260  KMWDFILTERx86 - ok
20:10:05.0137 0x1260  [ AFBAF1FD434B1C0AFE6EE6DE3066A0F1, 60CB5D4786A036898E813849D74204A2486F30C8D7B0C843F9544FDFBB2EC532 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:10:05.0169 0x1260  KSecDD - ok
20:10:05.0200 0x1260  [ F6A2B372BED88AF01383739F5280D961, 306061B94027D6544D1DECAB70663C427E091CC8D5EAAF920B3CDBAB7F2C1CFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:10:05.0247 0x1260  KSecPkg - ok
20:10:05.0278 0x1260  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:10:05.0371 0x1260  KtmRm - ok
20:10:05.0434 0x1260  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:10:05.0512 0x1260  LanmanServer - ok
20:10:05.0559 0x1260  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:10:05.0621 0x1260  LanmanWorkstation - ok
20:10:05.0668 0x1260  [ 559C9B7800FAC92FC515CD0003D7C631, 1A2C2C3C8E1B862224267462EA3A3BE5A02FE3D0626B292A663CB1EBC8A1B2C5 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:10:05.0699 0x1260  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
20:10:05.0699 0x1260  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:10:05.0761 0x1260  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:10:05.0839 0x1260  lltdio - ok
20:10:05.0871 0x1260  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:10:05.0964 0x1260  lltdsvc - ok
20:10:05.0995 0x1260  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:10:06.0058 0x1260  lmhosts - ok
20:10:06.0105 0x1260  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:10:06.0136 0x1260  LSI_FC - ok
20:10:06.0167 0x1260  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:10:06.0198 0x1260  LSI_SAS - ok
20:10:06.0229 0x1260  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:10:06.0261 0x1260  LSI_SAS2 - ok
20:10:06.0292 0x1260  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:10:06.0323 0x1260  LSI_SCSI - ok
20:10:06.0354 0x1260  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:10:06.0432 0x1260  luafv - ok
20:10:06.0463 0x1260  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:10:06.0495 0x1260  Mcx2Svc - ok
20:10:06.0526 0x1260  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:10:06.0557 0x1260  megasas - ok
20:10:06.0604 0x1260  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:10:06.0651 0x1260  MegaSR - ok
20:10:06.0682 0x1260  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
20:10:06.0729 0x1260  MMCSS - ok
20:10:06.0760 0x1260  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
20:10:06.0822 0x1260  Modem - ok
20:10:06.0869 0x1260  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:10:06.0916 0x1260  monitor - ok
20:10:06.0978 0x1260  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:10:07.0009 0x1260  mouclass - ok
20:10:07.0072 0x1260  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:10:07.0103 0x1260  mouhid - ok
20:10:07.0134 0x1260  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:10:07.0165 0x1260  mountmgr - ok
20:10:07.0181 0x1260  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:10:07.0228 0x1260  mpio - ok
20:10:07.0259 0x1260  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:10:07.0337 0x1260  mpsdrv - ok
20:10:07.0399 0x1260  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:10:07.0493 0x1260  MpsSvc - ok
20:10:07.0540 0x1260  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:10:07.0602 0x1260  MRxDAV - ok
20:10:07.0633 0x1260  [ 249FE98BD066894910A32DD53C8C5D16, 5B22F7DD6ADFB0A49EC101A408407CE3B69D07A71D2A9C21D2BAD7B6DCE83A45 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:10:07.0680 0x1260  mrxsmb - ok
20:10:07.0727 0x1260  [ F9DCC39B1F4797448213725BFE4A26AC, 80BC41BAD98D0773E084BE81F13DB985F74A9FC44967295F930C3F2B3448CD7B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:10:07.0789 0x1260  mrxsmb10 - ok
20:10:07.0805 0x1260  [ B74DE20F28B634FFD5F5F2CAE9D4ABEE, EDD405EB48C9DF546226777F0166742784203E9560229D7E76F0BAB1FB237CC9 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:10:07.0852 0x1260  mrxsmb20 - ok
20:10:07.0899 0x1260  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:10:07.0914 0x1260  msahci - ok
20:10:07.0961 0x1260  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:10:07.0992 0x1260  msdsm - ok
20:10:08.0023 0x1260  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
20:10:08.0086 0x1260  MSDTC - ok
20:10:08.0148 0x1260  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:10:08.0195 0x1260  Msfs - ok
20:10:08.0226 0x1260  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:10:08.0289 0x1260  mshidkmdf - ok
20:10:08.0320 0x1260  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:10:08.0351 0x1260  msisadrv - ok
20:10:08.0398 0x1260  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:10:08.0476 0x1260  MSiSCSI - ok
20:10:08.0491 0x1260  msiserver - ok
20:10:08.0538 0x1260  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:10:08.0616 0x1260  MSKSSRV - ok
20:10:08.0647 0x1260  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:10:08.0710 0x1260  MSPCLOCK - ok
20:10:08.0741 0x1260  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:10:08.0819 0x1260  MSPQM - ok
20:10:08.0850 0x1260  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:10:08.0881 0x1260  MsRPC - ok
20:10:08.0928 0x1260  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:10:08.0959 0x1260  mssmbios - ok
20:10:09.0006 0x1260  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:10:09.0069 0x1260  MSTEE - ok
20:10:09.0084 0x1260  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:10:09.0131 0x1260  MTConfig - ok
20:10:09.0178 0x1260  [ DCDAAB8697A47894A554050CE18D0B56, 32F08D9B2890DD01B56043CAB74B4D948E09E5A92B15C4F99160416B1CBEC3A0 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:10:09.0225 0x1260  MTsensor - ok
20:10:09.0256 0x1260  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:10:09.0287 0x1260  Mup - ok
20:10:09.0334 0x1260  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
20:10:09.0427 0x1260  napagent - ok
20:10:09.0490 0x1260  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:10:09.0568 0x1260  NativeWifiP - ok
20:10:09.0661 0x1260  [ B498A14133BD09AD0817590ACE4470AD, 14CCC922C6596C97A5CF580209C4AFB6138A8FFD3A0E60CD506810DFCBC43A1A ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
20:10:09.0755 0x1260  NBService - ok
20:10:09.0849 0x1260  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:10:09.0911 0x1260  NDIS - ok
20:10:09.0958 0x1260  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:10:10.0020 0x1260  NdisCap - ok
20:10:10.0051 0x1260  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:10:10.0114 0x1260  NdisTapi - ok
20:10:10.0145 0x1260  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:10:10.0192 0x1260  Ndisuio - ok
20:10:10.0239 0x1260  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:10:10.0301 0x1260  NdisWan - ok
20:10:10.0348 0x1260  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:10:10.0410 0x1260  NDProxy - ok
20:10:10.0457 0x1260  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:10:10.0504 0x1260  NetBIOS - ok
20:10:10.0551 0x1260  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:10:10.0629 0x1260  NetBT - ok
20:10:10.0660 0x1260  [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] Netlogon        C:\Windows\system32\lsass.exe
20:10:10.0691 0x1260  Netlogon - ok
20:10:10.0753 0x1260  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
20:10:10.0847 0x1260  Netman - ok
20:10:10.0894 0x1260  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:10:10.0941 0x1260  NetMsmqActivator - ok
20:10:10.0987 0x1260  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:10:11.0019 0x1260  NetPipeActivator - ok
20:10:11.0081 0x1260  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
20:10:11.0175 0x1260  netprofm - ok
20:10:11.0206 0x1260  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:10:11.0237 0x1260  NetTcpActivator - ok
20:10:11.0268 0x1260  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:10:11.0299 0x1260  NetTcpPortSharing - ok
20:10:11.0362 0x1260  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:10:11.0377 0x1260  nfrd960 - ok
20:10:11.0440 0x1260  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:10:11.0487 0x1260  NlaSvc - ok
20:10:11.0580 0x1260  [ A328A46D87BB92CE4D8A4528E9D84787, D3245ED700151111592BA82FB675B284DA7FCE52B07A7F68352F64A402CAB37C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:10:11.0627 0x1260  NMIndexingService - ok
20:10:11.0643 0x1260  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:10:11.0689 0x1260  Npfs - ok
20:10:11.0736 0x1260  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
20:10:11.0799 0x1260  nsi - ok
20:10:11.0814 0x1260  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:10:11.0861 0x1260  nsiproxy - ok
20:10:11.0970 0x1260  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:10:12.0079 0x1260  Ntfs - ok
20:10:12.0111 0x1260  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
20:10:12.0189 0x1260  Null - ok
20:10:12.0251 0x1260  [ 0E40EF12BC029FF8B13043F157452C47, 289849BD47F9A0FA65225F947A5448EC9BCFADE9BC94230886729E8950F5DAD1 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
20:10:12.0282 0x1260  NVHDA - ok
20:10:12.0781 0x1260  [ B69E6F70CE1151C8D62ABC9DEF64DFBE, B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:10:13.0234 0x1260  nvlddmkm - ok
20:10:13.0296 0x1260  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:10:13.0327 0x1260  nvraid - ok
20:10:13.0343 0x1260  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:10:13.0374 0x1260  nvstor - ok
20:10:13.0437 0x1260  [ E4284FCF99FEA13A7E1836F87AE356F6, 541C40DD3483810632320E8F23427BB52593D156E876C6023BE7F7A8589383E8 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:10:13.0483 0x1260  nvsvc - ok
20:10:13.0624 0x1260  [ 03E60E0BFA53ED15DC984FA34B44BB0F, 50ABF2E303B9A2B6DDD0DB411C24C3CD6CC30AFA664B5682CF9189F96548CC10 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:10:13.0717 0x1260  nvUpdatusService - ok
20:10:13.0764 0x1260  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:10:13.0811 0x1260  nv_agp - ok
20:10:13.0827 0x1260  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:10:13.0858 0x1260  ohci1394 - ok
20:10:13.0920 0x1260  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:10:13.0951 0x1260  ose - ok
20:10:14.0279 0x1260  [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:10:14.0560 0x1260  osppsvc - ok
20:10:14.0653 0x1260  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:10:14.0731 0x1260  p2pimsvc - ok
20:10:14.0763 0x1260  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:10:14.0856 0x1260  p2psvc - ok
20:10:14.0903 0x1260  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:10:14.0950 0x1260  Parport - ok
20:10:14.0997 0x1260  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:10:15.0028 0x1260  partmgr - ok
20:10:15.0043 0x1260  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:10:15.0090 0x1260  Parvdm - ok
20:10:15.0137 0x1260  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:10:15.0168 0x1260  PcaSvc - ok
20:10:15.0215 0x1260  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
20:10:15.0246 0x1260  pci - ok
20:10:15.0277 0x1260  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:10:15.0309 0x1260  pciide - ok
20:10:15.0355 0x1260  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:10:15.0387 0x1260  pcmcia - ok
20:10:15.0418 0x1260  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:10:15.0433 0x1260  pcw - ok
20:10:15.0496 0x1260  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:10:15.0558 0x1260  PEAUTH - ok
20:10:15.0683 0x1260  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
20:10:15.0839 0x1260  pla - ok
20:10:15.0901 0x1260  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:10:15.0979 0x1260  PlugPlay - ok
20:10:16.0011 0x1260  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:10:16.0057 0x1260  PNRPAutoReg - ok
20:10:16.0089 0x1260  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:10:16.0135 0x1260  PNRPsvc - ok
20:10:16.0182 0x1260  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:10:16.0291 0x1260  PolicyAgent - ok
20:10:16.0323 0x1260  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
20:10:16.0416 0x1260  Power - ok
20:10:16.0463 0x1260  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:10:16.0525 0x1260  PptpMiniport - ok
20:10:16.0557 0x1260  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:10:16.0603 0x1260  Processor - ok
20:10:16.0650 0x1260  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:10:16.0713 0x1260  ProfSvc - ok
20:10:16.0744 0x1260  [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] ProtectedStorage C:\Windows\system32\lsass.exe
20:10:16.0775 0x1260  ProtectedStorage - ok
20:10:16.0822 0x1260  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:10:16.0915 0x1260  Psched - ok
20:10:16.0962 0x1260  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:10:16.0993 0x1260  PSI_SVC_2 - ok
20:10:17.0103 0x1260  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:10:17.0243 0x1260  ql2300 - ok
20:10:17.0259 0x1260  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:10:17.0290 0x1260  ql40xx - ok
20:10:17.0337 0x1260  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
20:10:17.0399 0x1260  QWAVE - ok
20:10:17.0446 0x1260  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:10:17.0477 0x1260  QWAVEdrv - ok
20:10:17.0508 0x1260  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:10:17.0571 0x1260  RasAcd - ok
20:10:17.0617 0x1260  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:10:17.0695 0x1260  RasAgileVpn - ok
20:10:17.0727 0x1260  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
20:10:17.0805 0x1260  RasAuto - ok
20:10:17.0836 0x1260  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:10:17.0914 0x1260  Rasl2tp - ok
20:10:17.0961 0x1260  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
20:10:18.0070 0x1260  RasMan - ok
20:10:18.0085 0x1260  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:10:18.0163 0x1260  RasPppoe - ok
20:10:18.0226 0x1260  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:10:18.0273 0x1260  RasSstp - ok
20:10:18.0319 0x1260  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:10:18.0382 0x1260  rdbss - ok
20:10:18.0413 0x1260  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:10:18.0475 0x1260  rdpbus - ok
20:10:18.0507 0x1260  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:10:18.0553 0x1260  RDPCDD - ok
20:10:18.0585 0x1260  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:10:18.0647 0x1260  RDPENCDD - ok
20:10:18.0694 0x1260  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:10:18.0741 0x1260  RDPREFMP - ok
20:10:18.0787 0x1260  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:10:18.0834 0x1260  RDPWD - ok
20:10:18.0897 0x1260  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:10:18.0928 0x1260  rdyboost - ok
20:10:19.0021 0x1260  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
20:10:19.0037 0x1260  RealNetworks Downloader Resolver Service - ok
20:10:19.0068 0x1260  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:10:19.0146 0x1260  RemoteAccess - ok
20:10:19.0193 0x1260  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:10:19.0271 0x1260  RemoteRegistry - ok
20:10:19.0318 0x1260  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:10:19.0380 0x1260  RpcEptMapper - ok
20:10:19.0396 0x1260  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
20:10:19.0443 0x1260  RpcLocator - ok
20:10:19.0505 0x1260  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
20:10:19.0567 0x1260  RpcSs - ok
20:10:19.0614 0x1260  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:10:19.0677 0x1260  rspndr - ok
20:10:19.0723 0x1260  [ B8B159FA669C6386A458FCD468EBB1E6, E73E28522F37F4528BE8BCAEF5BB564FB9F3ACF4B73C5FAFCAD58FC6125DA5D9 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
20:10:19.0770 0x1260  RTL8169 - ok
20:10:19.0786 0x1260  [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] SamSs           C:\Windows\system32\lsass.exe
20:10:19.0833 0x1260  SamSs - ok
20:10:19.0879 0x1260  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:10:19.0911 0x1260  sbp2port - ok
20:10:19.0942 0x1260  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:10:20.0020 0x1260  SCardSvr - ok
20:10:20.0051 0x1260  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:10:20.0113 0x1260  scfilter - ok
20:10:20.0176 0x1260  [ 9060B8D5BCD5F2B019249F85E3D811F3, 7FB32AB7FE118462988321B9230074DAA960B587417EB463187539C3215445AE ] Schedule        C:\Windows\system32\schedsvc.dll
20:10:20.0269 0x1260  Schedule - ok
20:10:20.0301 0x1260  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:10:20.0363 0x1260  SCPolicySvc - ok
20:10:20.0425 0x1260  [ B442A2470197B3FEB38BEDDAE9DE9268, 9F33A724DA53A1498BD789CACE44AB51709382AE0DC3A2FF1E52CE4ADEAF0744 ] SCR3XX2K        C:\Windows\system32\DRIVERS\SCR3XX2K.sys
20:10:20.0457 0x1260  SCR3XX2K - ok
20:10:20.0488 0x1260  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:10:20.0550 0x1260  SDRSVC - ok
20:10:20.0597 0x1260  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:10:20.0644 0x1260  secdrv - ok
20:10:20.0675 0x1260  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
20:10:20.0753 0x1260  seclogon - ok
20:10:20.0800 0x1260  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
20:10:20.0862 0x1260  SENS - ok
20:10:20.0893 0x1260  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:10:20.0940 0x1260  SensrSvc - ok
20:10:20.0971 0x1260  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:10:21.0034 0x1260  Serenum - ok
20:10:21.0081 0x1260  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:10:21.0112 0x1260  Serial - ok
20:10:21.0143 0x1260  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:10:21.0174 0x1260  sermouse - ok
20:10:21.0221 0x1260  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:10:21.0283 0x1260  SessionEnv - ok
20:10:21.0315 0x1260  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:10:21.0346 0x1260  sffdisk - ok
20:10:21.0361 0x1260  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:10:21.0424 0x1260  sffp_mmc - ok
20:10:21.0455 0x1260  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:10:21.0502 0x1260  sffp_sd - ok
20:10:21.0533 0x1260  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:10:21.0595 0x1260  sfloppy - ok
20:10:21.0642 0x1260  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:10:21.0751 0x1260  SharedAccess - ok
20:10:21.0798 0x1260  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:10:21.0892 0x1260  ShellHWDetection - ok
20:10:21.0923 0x1260  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:10:21.0954 0x1260  sisagp - ok
20:10:22.0001 0x1260  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:10:22.0032 0x1260  SiSRaid2 - ok
20:10:22.0063 0x1260  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:10:22.0095 0x1260  SiSRaid4 - ok
20:10:22.0141 0x1260  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:10:22.0219 0x1260  Smb - ok
20:10:22.0282 0x1260  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:10:22.0313 0x1260  SNMPTRAP - ok
20:10:22.0344 0x1260  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:10:22.0375 0x1260  spldr - ok
20:10:22.0422 0x1260  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
20:10:22.0516 0x1260  Spooler - ok
20:10:22.0719 0x1260  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
20:10:22.0953 0x1260  sppsvc - ok
20:10:22.0999 0x1260  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:10:23.0046 0x1260  sppuinotify - ok
20:10:23.0093 0x1260  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:10:23.0140 0x1260  srv - ok
20:10:23.0202 0x1260  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:10:23.0249 0x1260  srv2 - ok
20:10:23.0280 0x1260  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:10:23.0311 0x1260  srvnet - ok
20:10:23.0358 0x1260  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:10:23.0421 0x1260  SSDPSRV - ok
20:10:23.0452 0x1260  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:10:23.0530 0x1260  SstpSvc - ok
20:10:23.0686 0x1260  [ 0A21F4F24F41EE0F8B56C58A2DE1C03C, E10509296D217040C610397884D1552B73CF134EB7BABCADD85A065710D27AC8 ] StarMoney 10 OnlineUpdate C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
20:10:23.0733 0x1260  StarMoney 10 OnlineUpdate - ok
20:10:23.0873 0x1260  [ E8606BF6BE3B7481D95F1DD2E4F3FCBA, 522646B5266C3E18AF909CB49F411ABB10F5DCD02A2B923C1EA209529AFD1A94 ] StarMoney 7.0 OnlineUpdate C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
20:10:23.0935 0x1260  StarMoney 7.0 OnlineUpdate - ok
20:10:24.0076 0x1260  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney 9.0 OnlineUpdate C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
20:10:24.0138 0x1260  StarMoney 9.0 OnlineUpdate - ok
20:10:24.0169 0x1260  [ 594898B175B8B7D2897A71227D4BBDA1, CEA06486BC26626A6551FDFD1A8F0B71DE3C482BE4FEE02076AAF4B21228D72E ] STC2DFU         C:\Windows\system32\DRIVERS\Stc2Dfu.SYS
20:10:24.0201 0x1260  STC2DFU - detected UnsignedFile.Multi.Generic ( 1 )
20:10:24.0201 0x1260  STC2DFU ( UnsignedFile.Multi.Generic ) - warning
20:10:24.0279 0x1260  [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:10:24.0341 0x1260  Stereo Service - ok
20:10:24.0372 0x1260  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:10:24.0403 0x1260  stexstor - ok
20:10:24.0466 0x1260  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:10:24.0544 0x1260  StiSvc - ok
20:10:24.0575 0x1260  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:10:24.0606 0x1260  swenum - ok
20:10:24.0653 0x1260  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
20:10:24.0747 0x1260  swprv - ok
20:10:24.0840 0x1260  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\Windows\system32\sysmain.dll
20:10:24.0981 0x1260  SysMain - ok
20:10:25.0012 0x1260  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
20:10:25.0059 0x1260  TabletInputService - ok
20:10:25.0105 0x1260  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:10:25.0215 0x1260  TapiSrv - ok
20:10:25.0246 0x1260  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
20:10:25.0324 0x1260  TBS - ok
20:10:25.0433 0x1260  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:10:25.0527 0x1260  Tcpip - ok
20:10:25.0636 0x1260  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:10:25.0729 0x1260  TCPIP6 - ok
20:10:25.0807 0x1260  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:10:25.0839 0x1260  tcpipreg - ok
20:10:25.0870 0x1260  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:10:25.0901 0x1260  TDPIPE - ok
20:10:25.0932 0x1260  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:10:25.0979 0x1260  TDTCP - ok
20:10:26.0026 0x1260  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:10:26.0073 0x1260  tdx - ok
20:10:26.0135 0x1260  [ F02854188872539EFD97648BE4CA0A21, BF93345ADDD4F272B031BE6C566EE68432980D8DFBAB3ADCA2B30CEB0A3BF359 ] TeamViewer      C:\Program Files\TeamViewer3\TeamViewer_Host.exe
20:10:26.0166 0x1260  TeamViewer - detected UnsignedFile.Multi.Generic ( 1 )
20:10:26.0166 0x1260  TeamViewer ( UnsignedFile.Multi.Generic ) - warning
20:10:26.0166 0x1260  Force sending object to P2P due to detect: TeamViewer
20:10:26.0182 0x1260  Object send P2P result: false
20:10:26.0197 0x1260  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:10:26.0229 0x1260  TermDD - ok
20:10:26.0291 0x1260  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
20:10:26.0353 0x1260  TermService - ok
20:10:26.0385 0x1260  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
20:10:26.0447 0x1260  Themes - ok
20:10:26.0463 0x1260  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:10:26.0525 0x1260  THREADORDER - ok
20:10:26.0572 0x1260  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
20:10:26.0634 0x1260  TrkWks - ok
20:10:26.0697 0x1260  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:10:26.0775 0x1260  TrustedInstaller - ok
20:10:26.0821 0x1260  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:10:26.0853 0x1260  tssecsrv - ok
20:10:26.0931 0x1260  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:10:26.0977 0x1260  TsUsbFlt - ok
20:10:27.0024 0x1260  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:10:27.0102 0x1260  tunnel - ok
20:10:27.0133 0x1260  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:10:27.0165 0x1260  uagp35 - ok
20:10:27.0196 0x1260  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:10:27.0289 0x1260  udfs - ok
20:10:27.0336 0x1260  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:10:27.0383 0x1260  UI0Detect - ok
20:10:27.0430 0x1260  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:10:27.0461 0x1260  uliagpkx - ok
20:10:27.0492 0x1260  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:10:27.0555 0x1260  umbus - ok
20:10:27.0586 0x1260  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:10:27.0617 0x1260  UmPass - ok
20:10:27.0726 0x1260  [ 6E30C47050124B12D55ECF7F516F28E2, 77BD6446A9E487A1A0F43C38A9736EA33C8F96C8E88197984E6CA8922FF09169 ] Updater Service for AMZN C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
20:10:27.0773 0x1260  Updater Service for AMZN - ok
20:10:27.0820 0x1260  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
20:10:27.0913 0x1260  upnphost - ok
20:10:27.0976 0x1260  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:10:28.0023 0x1260  usbccgp - ok
20:10:28.0054 0x1260  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:10:28.0101 0x1260  usbcir - ok
20:10:28.0147 0x1260  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:10:28.0194 0x1260  usbehci - ok
20:10:28.0257 0x1260  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:10:28.0303 0x1260  usbhub - ok
20:10:28.0350 0x1260  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:10:28.0381 0x1260  usbohci - ok
20:10:28.0428 0x1260  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:10:28.0475 0x1260  usbprint - ok
20:10:28.0522 0x1260  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
20:10:28.0553 0x1260  usbscan - ok
20:10:28.0600 0x1260  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:10:28.0647 0x1260  USBSTOR - ok
20:10:28.0693 0x1260  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:10:28.0740 0x1260  usbuhci - ok
20:10:28.0787 0x1260  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
20:10:28.0849 0x1260  UxSms - ok
20:10:28.0881 0x1260  [ 7D67B4D677A15B1A363D5BD8201B533D, B40C64C99632B988E3AAFB1FAAF2826EE0466B90F74C541C02E0668C9150F45B ] VaultSvc        C:\Windows\system32\lsass.exe
20:10:28.0912 0x1260  VaultSvc - ok
20:10:28.0974 0x1260  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:10:29.0005 0x1260  vdrvroot - ok
20:10:29.0068 0x1260  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
20:10:29.0146 0x1260  vds - ok
20:10:29.0177 0x1260  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:10:29.0224 0x1260  vga - ok
20:10:29.0239 0x1260  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:10:29.0302 0x1260  VgaSave - ok
20:10:29.0333 0x1260  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:10:29.0380 0x1260  vhdmp - ok
20:10:29.0427 0x1260  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:10:29.0458 0x1260  viaagp - ok
20:10:29.0489 0x1260  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:10:29.0536 0x1260  ViaC7 - ok
20:10:29.0567 0x1260  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:10:29.0598 0x1260  viaide - ok
20:10:29.0630 0x1260  [ AA3E6722843540B9C8EC5257E3D4B675, A3C24654978A604837F85D88C2A6ACB9C552728673213A3BB79A1B7ECE33C7E5 ] ViBus           C:\Windows\system32\DRIVERS\ViBus.sys
20:10:29.0661 0x1260  ViBus - ok
20:10:29.0708 0x1260  [ A1B7CFFE5F09B825FBA506C4DE9FDAC7, C238802B5BA4E99ED57F84C8417DF3C8269527340D20DA0AFC0050E9A611E7EE ] ViPrt           C:\Windows\system32\DRIVERS\ViPrt.sys
20:10:29.0754 0x1260  ViPrt - ok
20:10:29.0786 0x1260  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:10:29.0817 0x1260  volmgr - ok
20:10:29.0848 0x1260  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:10:29.0895 0x1260  volmgrx - ok
20:10:29.0926 0x1260  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:10:29.0973 0x1260  volsnap - ok
20:10:30.0035 0x1260  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:10:30.0066 0x1260  vsmraid - ok
20:10:30.0144 0x1260  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
20:10:30.0254 0x1260  VSS - ok
20:10:30.0269 0x1260  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:10:30.0316 0x1260  vwifibus - ok
20:10:30.0347 0x1260  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
20:10:30.0441 0x1260  W32Time - ok
20:10:30.0488 0x1260  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:10:30.0534 0x1260  WacomPen - ok
20:10:30.0581 0x1260  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:10:30.0628 0x1260  WANARP - ok
20:10:30.0659 0x1260  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:10:30.0706 0x1260  Wanarpv6 - ok
20:10:30.0800 0x1260  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
20:10:30.0924 0x1260  wbengine - ok
20:10:30.0987 0x1260  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:10:31.0049 0x1260  WbioSrvc - ok
20:10:31.0096 0x1260  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:10:31.0190 0x1260  wcncsvc - ok
20:10:31.0221 0x1260  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:10:31.0268 0x1260  WcsPlugInService - ok
20:10:31.0314 0x1260  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:10:31.0346 0x1260  Wd - ok
20:10:31.0408 0x1260  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:10:31.0455 0x1260  Wdf01000 - ok
20:10:31.0502 0x1260  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:10:31.0533 0x1260  WdiServiceHost - ok
20:10:31.0564 0x1260  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:10:31.0595 0x1260  WdiSystemHost - ok
20:10:31.0658 0x1260  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
20:10:31.0704 0x1260  WebClient - ok
20:10:31.0736 0x1260  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:10:31.0845 0x1260  Wecsvc - ok
20:10:31.0860 0x1260  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:10:31.0923 0x1260  wercplsupport - ok
20:10:31.0970 0x1260  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
20:10:32.0048 0x1260  WerSvc - ok
20:10:32.0094 0x1260  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:10:32.0157 0x1260  WfpLwf - ok
20:10:32.0188 0x1260  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:10:32.0219 0x1260  WIMMount - ok
20:10:32.0313 0x1260  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:10:32.0422 0x1260  WinDefend - ok
20:10:32.0453 0x1260  WinHttpAutoProxySvc - ok
20:10:32.0531 0x1260  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:10:32.0609 0x1260  Winmgmt - ok
20:10:32.0687 0x1260  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:10:32.0828 0x1260  WinRM - ok
20:10:32.0890 0x1260  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:10:32.0952 0x1260  WinUsb - ok
20:10:33.0015 0x1260  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:10:33.0124 0x1260  Wlansvc - ok
20:10:33.0171 0x1260  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:10:33.0202 0x1260  WmiAcpi - ok
20:10:33.0249 0x1260  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:10:33.0296 0x1260  wmiApSrv - ok
20:10:33.0389 0x1260  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:10:33.0514 0x1260  WMPNetworkSvc - ok
20:10:33.0561 0x1260  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:10:33.0592 0x1260  WPCSvc - ok
20:10:33.0639 0x1260  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:10:33.0686 0x1260  WPDBusEnum - ok
20:10:33.0717 0x1260  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:10:33.0795 0x1260  ws2ifsl - ok
20:10:33.0826 0x1260  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:10:33.0888 0x1260  wscsvc - ok
20:10:33.0920 0x1260  WSearch - ok
20:10:34.0060 0x1260  [ 4A19D4A01F8F0684E155C131B5B54776, 341ABCDB121DDB49831B3E42DFDB0938AF49C31B44351A3D9970DAD25CD22606 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:10:34.0232 0x1260  wuauserv - ok
20:10:34.0263 0x1260  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:10:34.0310 0x1260  WudfPf - ok
20:10:34.0356 0x1260  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:10:34.0388 0x1260  WUDFRd - ok
20:10:34.0419 0x1260  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:10:34.0481 0x1260  wudfsvc - ok
20:10:34.0512 0x1260  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:10:34.0559 0x1260  WwanSvc - ok
20:10:34.0622 0x1260  [ 7481637A50A0468CF46C719672BC7EAA, 286C7D714B9EA7346E2891A6B9F972C53AD6591F21FFB067B805C3ED5EB946DA ] ZSMC301b        C:\Windows\system32\Drivers\usbVM31b.sys
20:10:34.0653 0x1260  ZSMC301b - ok
20:10:34.0668 0x1260  ================ Scan global ===============================
20:10:34.0715 0x1260  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
20:10:34.0762 0x1260  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
20:10:34.0778 0x1260  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
20:10:34.0824 0x1260  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:10:34.0871 0x1260  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
20:10:34.0887 0x1260  [ Global ] - ok
20:10:34.0887 0x1260  ================ Scan MBR ==================================
20:10:34.0887 0x1260  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:10:35.0136 0x1260  \Device\Harddisk0\DR0 - ok
20:10:35.0136 0x1260  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
20:10:36.0275 0x1260  \Device\Harddisk5\DR5 - ok
20:10:36.0275 0x1260  ================ Scan VBR ==================================
20:10:36.0291 0x1260  [ E4E6DBCE6E91C861728EE5BCDA1BB97C ] \Device\Harddisk0\DR0\Partition1
20:10:36.0291 0x1260  \Device\Harddisk0\DR0\Partition1 - ok
20:10:36.0291 0x1260  [ 264E6FB4A75DE776193E25610EBCCB8D ] \Device\Harddisk5\DR5\Partition1
20:10:36.0291 0x1260  \Device\Harddisk5\DR5\Partition1 - ok
20:10:36.0291 0x1260  ================ Scan generic autorun ======================
20:10:36.0369 0x1260  [ FF70A439B01C1373AB396275BF93E1AA, 258470764B37CD4C7B6134237C818424FA4B7B5D0590EDC5DE19271FCFAF6922 ] C:\Program Files\Analog Devices\Core\smax4pnp.exe
20:10:36.0431 0x1260  SoundMAXPnP - ok
20:10:36.0431 0x1260  Performance Center - ok
20:10:36.0618 0x1260  [ 442CC2A5247327548826D284B7CC7287, 8005CB98F7519EDC84FE88009EE354B753929DDA71761571E68BECCBC3D88D02 ] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
20:10:36.0728 0x1260  GDFirewallTray - ok
20:10:36.0946 0x1260  [ D49C6A597814433ED6C3BF7ECF2D27BD, D792327A9D88ADACA3B855038DD87DDB0FF5A6F5B2D4ED3BC53BA98309C08FDD ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
20:10:37.0164 0x1260  CanonMyPrinter - ok
20:10:37.0289 0x1260  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:10:37.0398 0x1260  Sidebar - ok
20:10:37.0445 0x1260  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:10:37.0492 0x1260  mctadmin - ok
20:10:37.0586 0x1260  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:10:37.0664 0x1260  Sidebar - ok
20:10:37.0695 0x1260  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:10:37.0742 0x1260  mctadmin - ok
20:10:37.0804 0x1260  [ A7DC47DBBE3C0384BA719DC4188AFA7E, FCC8F68A8E55AE2AB9B877A6E46DFC28411B68D09AEACA4792625B5150EFDCFD ] C:\Windows\ehome\ehTray.exe
20:10:37.0835 0x1260  ehTray.exe - ok
20:10:37.0835 0x1260  Performance Center - ok
20:10:37.0944 0x1260  [ A3CCBBB0735800B89931B73CCB69F9B1, 97D0684AB1ECB2F89A3C8E53DC383AEDE506A1F9367AA283C0B9992A19854D43 ] C:\Program Files\AppGraffiti\AGupdate.exe
20:10:38.0007 0x1260  AGupdate - ok
20:10:38.0100 0x1260  [ 2605662FB8D523F3031284859E085B38, 230FBC3169BFC27960FE996E00308EC99588BB17155EAAD0A3FA97FAF8894F0D ] C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
20:10:38.0163 0x1260  AmazonMP3DownloaderHelper - ok
20:10:38.0256 0x1260  [ 48450691B39F72A4F72E58ABBF7C5B63, 76BB55992F06B8156DE75850777FDBE4EE081609D5A5C916608C9C693275C3AD ] C:\PROGRA~1\APPGRA~1\AppGraffiti.exe
20:10:38.0334 0x1260  AppGraffiti - ok
20:10:38.0428 0x1260  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:10:38.0506 0x1260  Sidebar - ok
20:10:38.0537 0x1260  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:10:38.0584 0x1260  mctadmin - ok
20:10:38.0678 0x1260  AV detected via SS2: G DATA INTERNET SECURITY, C:\Program Files\G DATA\InternetSecurity\AVK\avkwscpe.exe ( 25.1.0.0 ), 0x42000 ( disabled : updated )
20:10:38.0678 0x1260  FW detected via SS2: G*DATA Personal Firewall, C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled )
20:10:38.0678 0x1260  ============================================================
20:10:38.0678 0x1260  Scan finished
20:10:38.0678 0x1260  ============================================================
20:10:38.0693 0x0530  Detected object count: 7
20:10:38.0693 0x0530  Actual detected object count: 7
20:14:18.0841 0x0530  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0841 0x0530  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:18.0856 0x0530  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0856 0x0530  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:18.0856 0x0530  hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0856 0x0530  hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:18.0856 0x0530  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0856 0x0530  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:18.0856 0x0530  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0856 0x0530  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:18.0872 0x0530  STC2DFU ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0872 0x0530  STC2DFU ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:18.0872 0x0530  TeamViewer ( UnsignedFile.Multi.Generic ) - skipped by user
20:14:18.0872 0x0530  TeamViewer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:14:27.0218 0x0a58  Deinitialize success
         

Alt 21.10.2015, 19:14   #5
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 22.10.2015, 11:34   #6
tb87
 



Hello Schrauber,

sorry for the delay, but yesterday evening was "Back to the Future" Day, so I had to watch the triple feature at the cinema.

I had some trouble disabling the G-Data virus scanner, really an annoying thing. It kept killing various parts of ComboFix and so on. I then rebooted and unticked really every checkbox in the G-Data settings (killing processes etc. did not work). After that ComboFix ran through without complaints.



Combofix log file:
Code:
ComboFix 15-10-21.01 - Günter Meier 22.10.2015  12:01:35.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
AV: G DATA INTERNET SECURITY *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G*DATA Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G DATA INTERNET SECURITY *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif
c:\windows\system32\drivers\hwinterface.sys
c:\windows\TEMP\catchme.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-09-22 bis 2015-10-22  ))))))))))))))))))))))))))))))
.
.
2015-10-22 10:15 . 2015-10-22 10:15	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-10-22 10:15 . 2015-10-22 10:15	--------	d-----w-	c:\users\Günter Meier\AppData\Local\temp
2015-10-22 10:15 . 2015-10-22 10:15	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-10-22 10:15 . 2015-10-22 10:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-10-20 17:19 . 2015-10-20 17:19	--------	d-----w-	c:\programdata\Malwarebytes
2015-10-20 17:19 . 2015-10-20 18:06	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-10-20 17:19 . 2015-10-20 17:19	170200	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-20 16:46 . 2015-10-20 16:46	94936	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-10-20 14:16 . 2015-10-20 14:19	--------	d-----w-	C:\FRST
2015-10-17 13:51 . 2015-09-18 17:44	587776	----a-w-	c:\windows\system32\invagent.dll
2015-10-17 13:51 . 2015-09-18 17:44	615936	----a-w-	c:\windows\system32\generaltel.dll
2015-10-17 13:51 . 2015-09-18 17:44	423936	----a-w-	c:\windows\system32\devinv.dll
2015-10-17 13:51 . 2015-09-18 17:44	1120768	----a-w-	c:\windows\system32\appraiser.dll
2015-10-17 13:51 . 2015-09-18 17:35	999936	----a-w-	c:\windows\system32\aeinv.dll
2015-10-17 13:51 . 2015-09-18 17:47	23384	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-10-17 13:51 . 2015-09-18 17:44	62976	----a-w-	c:\windows\system32\acmigration.dll
2015-10-14 12:00 . 2015-09-16 03:38	37888	----a-w-	c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-10-14 11:57 . 2015-09-29 03:05	3936192	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-10-13 14:55 . 2015-10-13 14:54	524288	----a-w-	c:\windows\putty.exe
2015-10-13 12:09 . 2015-10-13 12:09	--------	d-----w-ter Meier	c:\users\GNTERR~2
2015-10-13 11:59 . 2015-10-13 11:59	--------	d-----w-	c:\users\Günter Meier\AppData\Local\CEF
2015-10-13 11:47 . 2015-10-13 11:47	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2015-10-12 16:13 . 2015-10-12 16:13	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\CEF
2015-10-12 16:09 . 2015-10-12 16:09	--------	d-----w-	c:\programdata\McAfee
2015-09-30 20:47 . 2015-09-30 20:47	225976	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-22 10:02 . 2015-10-22 10:02	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.3632.dll
2015-10-20 18:09 . 2015-10-20 18:09	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.4116.dll
2015-10-20 14:19 . 2015-10-20 14:19	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.2836.dll
2015-10-17 14:59 . 2015-10-17 14:59	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\offreg.5532.dll
2015-09-17 14:48 . 2015-09-17 14:48	15192	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2015-09-17 14:48 . 2010-12-18 12:33	29528	----a-w-	c:\windows\system32\drivers\GRD.sys
2015-09-04 16:05 . 2014-04-08 06:38	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-09-04 16:05 . 2011-08-09 19:14	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-04 12:11 . 2015-09-16 13:38	149760	----a-w-	c:\windows\RegDefragTask.exe
2015-09-02 02:48 . 2015-09-10 14:44	26624	----a-w-	c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-10 14:44	70656	----a-w-	c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-10 14:44	10240	----a-w-	c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-10 14:44	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-10 14:44	2384896	----a-w-	c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-10 14:44	299520	----a-w-	c:\windows\system32\atmfd.dll
2015-08-31 23:05 . 2015-10-17 13:51	8884144	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0ABF65-1CC0-43C1-8E75-11609A5DA100}\mpengine.dll
2015-08-27 17:58 . 2015-09-10 14:44	1391104	----a-w-	c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-10 14:44	1241088	----a-w-	c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-10 14:44	2048	----a-w-	c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-10 14:44	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-08-05 17:41 . 2015-09-10 14:44	751104	----a-w-	c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-10 14:45	22528	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-10 14:45	216064	----a-w-	c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-10 14:45	19968	----a-w-	c:\windows\system32\jnwmon.dll
2015-07-30 17:57 . 2015-08-14 11:17	909824	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-14 11:17	1251328	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-14 11:17	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-14 11:05	103120	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-12-06 11:17	343296	----a-w-	c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-15 12:58	1733240	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-15 12:58	1733240	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-15 12:58	1733240	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"AGupdate"="c:\program files\AppGraffiti\AGupdate.exe" [2013-03-19 894048]
"AppGraffiti"="c:\progra~1\APPGRA~1\AppGraffiti.exe" [2015-06-25 1220544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2015-02-20 1855608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 12:36	36864	----a-w-	c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 19:34	868352	----a-w-	c:\program files\Analog Devices\Core\smax4pnp.exe
.
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2007-01-23 11904]
R2 StarMoney 10 OnlineUpdate;StarMoney 10 OnlineUpdate;c:\program files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [2015-07-27 688784]
R2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [2014-07-04 697488]
R3 Browser7Maintenance;Browser 7 Maintenance Service;c:\program files\Browser 7 Maintenance Service\maintenanceservice.exe [2015-08-20 148792]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-07-31 29400]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2007-01-23 207872]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2007-01-23 299776]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2007-01-23 149504]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2007-01-23 498176]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2007-01-23 23552]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 14848]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2007-10-17 56448]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R4 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2015-04-07 108032]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt32.sys [2015-04-07 20352]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2015-04-07 161792]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2015-07-12 53248]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2015-09-17 29528]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2015-04-07 87040]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2015-04-16 2528888]
S2 AVKService;G DATA Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2015-02-20 965240]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2015-04-07 2876888]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [2013-03-21 222368]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2015-02-20 2539560]
S3 GDKBB;G Data GDKBB Driver;c:\windows\system32\drivers\GDKBB32.sys [2015-04-07 24192]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2015-04-07 73216]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [2015-03-04 789112]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc	REG_MULTI_SZ   	DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-02 07:26	997704	----a-w-	c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-08 16:05]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 16:00]
.
2015-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-27 16:00]
.
2015-10-22 c:\windows\Tasks\simplitec Power Suite (Tray).job
- c:\program files\simplitec\simplitec Power Suite\ServiceProvider.exe [2015-07-08 12:12]
.
2015-10-15 c:\windows\Tasks\simplitec Power Suite.job
- c:\program files\simplitec\simplitec Power Suite\PowerSuite.exe [2015-07-08 12:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: amazon.de
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\ApcMain.exe
HKLM-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\conhost.exe
c:\program files\AppGraffiti\AppGraffiti.exe
c:\windows\System32\WUDFHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-10-22  12:28:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-10-22 10:28
.
Vor Suchlauf: 23 Verzeichnis(se), 234.090.831.872 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 234.937.659.392 Bytes frei
.
- - End Of File - - 932F7D9364262A2CBC4D26D73D9E731F
         

In addition, after the reboot, while Combofix was showing that it was creating the log, a message came up from G-Data saying that a program called ServiceProvider.exe wanted to open a port. That belongs to the "simplitec Power Suite", which I had actually uninstalled a few days ago (i.e. before the first post here).

EDIT: after about 10 minutes the NSIS error message came up again.



Regards,
Tom

Alt 23.10.2015, 07:54   #7
schrauber
/// the machine
/// TB-Ausbilder
 




I watched it on Amazon Prime


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 23.10.2015, 14:01   #8
tb87
 



mbam.txt:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.10.2015
Suchlaufzeit: 12:39
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.09.22.05
Rootkit-Datenbank: v2015.09.18.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Günter Meier

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 430219
Abgelaufene Zeit: 31 Min., 5 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe, 2972, Löschen bei Neustart, [e60781b1c9c2290db5386a1c05ff60a0]
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti.exe, 2956, Löschen bei Neustart, [49a4de5449427abc2d362b5c7094da26]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 26
PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1001_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}, In Quarantäne, [f9f4b1815e2d26104a318064669c5ea2], 
PUP.Optional.RebateInformer, HKLM\SOFTWARE\CLASSES\RebateI.RebateInformImageGen, In Quarantäne, [e6077bb7820966d00ac846a4bb4712ee], 
PUP.Optional.RebateInformer, HKLM\SOFTWARE\CLASSES\RebateI.Rebate Informer BHO, In Quarantäne, [8667f1412e5d3ff7e5ee15d5b34fec14], 
PUP.Optional.AmazonTB, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater Service for AMZN, In Quarantäne, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{183643C8-EE67-4574-9A38-927852E34163}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\TYPELIB\{506F578A-91E1-46CE-830F-E2F4268E9966}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{E9BBD270-4B87-4EE2-912F-6635674986C0}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Server, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Client, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Script, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8736C681-37A0-40C6-A0F0-4C083409151C}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CLSID\{EFB46ED3-8FD8-4051-8FD6-DD9CE7E63BEF}, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\CShared.TB4Server2, In Quarantäne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.AppGraffiti, HKLM\SOFTWARE\AppGraffiti, In Quarantäne, [15d8a989cac1c2746dc168da9271f709], 
PUP.Optional.AppGraffiti, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\angobeimajilfhlcpeiccndaifchnppl, In Quarantäne, [7a73e151bbd02313aeb7abdcbb498e72], 
PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\AppGraffiti, In Quarantne, [c32a949ed2b938fe83ac5ce653b02fd1], 
PUP.Optional.RebateInformer, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\CTOOLBAR\PLUGINS\REBATEINF, In Quarantne, [9855c072fb906ec869478530ce3632ce], 
PUP.Optional.AlexaTB, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\DISTROMATIC\Toolbars, In Quarantne, [5c9192a0dfacd36326873e4863a1d729], 
PUP.Optional.ICQ, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}, In Quarantne, [9657e949dbb05ed8fe98bbe6966eca36], 

Registrierungswerte: 6
PUP.Optional.ICQToolbar, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantne, [8e5f86ac93f8082e24eaad3aaf53b24e], 
PUP.Optional.ICQToolbar, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{855F3B16-6D32-4FE6-8A56-BBB695989046},  ;_2mOVF{A9CA339F-7856-4dc4-9C48-71B1D7ACAD12}, In Quarantne, [8e5f86ac93f8082e24eaad3aaf53b24e]
PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AGupdate, C:\Program Files\AppGraffiti\AGupdate.exe, In Quarantne, [49a4de5449427abc2d362b5c7094da26]
PUP.Optional.AppGraffiti, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AppGraffiti, "C:\PROGRA~1\APPGRA~1\AppGraffiti.exe", In Quarantne, [49a4de5449427abc2d362b5c7094da26]
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\INBOX.COM\SHARED\CSHARED.DLL, 1, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8]
PUP.Optional.ICQ, HKU\S-1-5-21-3597727890-3998022267-917300989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}|URL, hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd, In Quarantne, [9657e949dbb05ed8fe98bbe6966eca36]

Registrierungsdaten: 0
(keine bsartigen Elemente erkannt)

Ordner: 12
PUP.Optional.AmazonTB, C:\Users\Gnter Meier\AppData\Local\Amazon Browser Bar, In Quarantne, [a8452b07ef9c231379736224a2627888], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar, Lschen bei Neustart, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti, Lschen bei Neustart, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Chrome, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Update, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\chrome, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti, In Quarantne, [12dbe74b543739fd61edf70a788b1fe1], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 

Dateien: 37
PUP.Optional.SearchProtect, C:\Program Files\Amazon Browser Bar\search_protect - Kopie.exe, In Quarantne, [d5188ca6c7c4a98de18651680bf66b95], 
PUP.Optional.SearchProtect, C:\Program Files\Amazon Browser Bar\search_protect.exe, In Quarantne, [7578ff33d4b73afca8bff1c87d8432ce], 
PUP.Optional.RebateInformer, C:\Program Files\RebateInformer\RebateInf.exe, In Quarantne, [47a6ff335a313df956ee13acea17639d], 
PUP.Optional.MyStartSearch.ShrtCln, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\MyStart Search.xml, In Quarantne, [836ae2503556be78aefdc38842c1dc24], 
PUP.Optional.AmazonTB, C:\Users\Gnter Meier\AppData\Local\Amazon Browser Bar\protect.xml, In Quarantne, [a8452b07ef9c231379736224a2627888], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.ini, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\installer.xml, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe, Lschen bei Neustart, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\uninstall.ico, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\uninstall.json, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AmazonTB, C:\Program Files\Amazon Browser Bar\update.xml, In Quarantne, [e60781b1c9c2290db5386a1c05ff60a0], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\unins000.dat, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AGupdate.exe, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti.dll, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti.exe, Lschen bei Neustart, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\AppGraffiti64.dll, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\config.dat, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Chrome\graff_chr.crx, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.AppGraffiti, C:\Program Files\AppGraffiti\Chrome\graff_chr.ver, In Quarantne, [49a4de5449427abc2d362b5c7094da26], 
PUP.Optional.InboxToolBar, C:\Program Files\Inbox.com\Shared\CShared.dll, In Quarantne, [38b584ae018a4ee8a6e4c9d95aaa28d8], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\chrome.manifest, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\ini.xml, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\install.rdf, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\install.xml, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com\chrome\AppGraffiti.jar, In Quarantne, [24c9949ee8a3c4729facda27d92a649c], 
PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti\Uninstall AppGraffiti.lnk, In Quarantne, [12dbe74b543739fd61edf70a788b1fe1], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\background.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\manifest.json, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img\128x128.png, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img\16x16.png, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\img\48x48.png, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\AppGraffiti.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\facebook.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\iframe.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\jquery-1.6.1.min.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\reload.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 
PUP.Optional.AppGraffiti, C:\Users\Gnter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0\js\twitter.js, In Quarantne, [925bd1610a810f276cc7897e0cf7847c], 

Physische Sektoren: 0
(keine bsartigen Elemente erkannt)


(end)
         

AdwCleaner.txt:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v5.014 - Bericht erstellt am 23/10/2015 um 14:31:58
# Aktualisiert am 18/10/2015 von Xplode
# Datenbank : 2015-10-18.5 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Günter Meier - GÜNTER-PC
# Gestartet von : E:\winguenter\bin\AdwCleaner_5.014.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files\Amazon\ABB
[-] Ordner Gelöscht : C:\Program Files\icqtoolbar
[-] Ordner Gelöscht : C:\Program Files\Inbox.com
[-] Ordner Gelöscht : C:\Program Files\RebateInformer
[-] Ordner Gelöscht : C:\Program Files\simplitec
[-] Ordner Gelöscht : C:\Program Files\SiteRanker
[-] Ordner Gelöscht : C:\ProgramData\simplitec
[-] Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
[-] Ordner Gelöscht : C:\ProgramData\Fighters
[-] Ordner Gelöscht : C:\ProgramData\SparkTrust
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
[-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Local\PackageAware
[-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\LocalLow\AppGraffiti
[-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\LocalLow\SiteRanker
[-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Roaming\Fighters
[-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Roaming\SparkTrust
[-] Ordner Gelöscht : C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Ordner Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] Datei Gelöscht : C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\user.js

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****

[-] Task Gelöscht : simplitec Power Suite (Tray)
[-] Task Gelöscht : simplitec Power Suite

***** [ Registrierungsdatenbank ] *****

[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECCA77AD-EF06-4650-B6FC-7A0E90687EB4}
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Schlüssel Gelöscht : HKCU\Software\CToolbar
[-] Schlüssel Gelöscht : HKCU\Software\distromatic
[-] Schlüssel Gelöscht : HKCU\Software\IM
[-] Schlüssel Gelöscht : HKCU\Software\ImInstaller
[-] Schlüssel Gelöscht : HKCU\Software\SiteRanker
[-] Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
[-] Schlüssel Gelöscht : HKCU\Software\Fighters
[-] Schlüssel Gelöscht : HKCU\Software\Yahoo\Companion
[-] Schlüssel Gelöscht : HKCU\Software\Yahoo\YFriendsBar
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\CToolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\simplitec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Yahoo\Companion
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\AppDataLow\Software\Yahoo\Companion
[!] Daten Nicht Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[!] Daten Nicht Wiederhergestellt : HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Internetbrowser ] *****

[-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.installdate", "NaN");
[-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.installed", "true");
[-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.tbid", "61009");
[-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("AppGraffiti.tuid", "-7815994133870912824");
[-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.inbox.com/homepage.aspx?tbid=80772&iwk=293&lng=de");
[-] [C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.enabledItems", "AppGraffiti@AppGraffiti.com:1.0.0.22,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFE[...]
[-] [C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : de.ask.com

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6950 Bytes] ##########
         
--- --- ---


jrt.txt:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Home Premium x86
Ran by G]ter Meier on 23.10.2015 at 14:36:43,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\BROWSER7.EXE



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\G]ter Meier\AppData\Roaming\getrighttogo



~~~ FireFox

Successfully deleted the following from C:\Users\G]ter Meier\AppData\Roaming\mozilla\firefox\profiles\ywlhf9be.default\prefs.js

user_pref(browser.search.defaultenginename, MyStart Suche);
user_pref(keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=);



~~~ Chrome


[C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\G]ter Meier\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.10.2015 at 14:41:47,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 23.10.2015, 14:02   #9
tb87
 



FRST.txt:

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
durchgeführt von Günter Meier (Administrator) auf GÜNTER-PC (23-10-2015 14:50:05)
Gestartet von E:\winguenter\bin
Geladene Profile: Günter Meier (Verfügbare Profile: Günter Meier & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(G DATA Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-05]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://google.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CB779390-9FC4-4A00-B031-3CD9A1C8A67A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF SelectedSearchEngine: Inbox Suchen
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-12-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-12-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-12-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-12-23] (RealPlayer)
FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\inbox-search.xml [2014-02-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27] [ist nicht signiert]
FF Extension: Blue Ice 2 - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2008-08-04] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [nicht gefunden]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-04-01]
CHR Extension: (RebateInformer) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal [2013-03-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
S3 Browser7Maintenance; C:\Program Files\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-08-20] (Deutsche Telekom AG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-08] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 StarMoney 10 OnlineUpdate; C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S4 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [90112 2007-11-29] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-04-07] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-04-07] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-04-07] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-04-07] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-07-31] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-04-07] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-07-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-09-17] (G Data Software)
S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [11904 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88BDA; C:\Windows\System32\drivers\hcw88bda.sys [207872 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [299776 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88TUNE; C:\Windows\System32\drivers\hcw88tun.sys [149504 2007-01-23] (Hauppauge Computer Works, Inc.)
S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [498176 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [23552 2007-01-23] (Hauppauge Computer Works, Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-04-07] (G Data Software AG)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48768 2007-07-05] (JMicron Technology Corp.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.)
S3 STC2DFU; C:\Windows\System32\DRIVERS\Stc2Dfu.SYS [7796 2004-10-25] (SCM Microsystems Inc.) [Datei ist nicht signiert]
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-23 14:41 - 2015-10-23 14:41 - 00002171 _____ C:\Users\Günter Meier\Desktop\JRT.txt
2015-10-23 13:27 - 2015-10-23 14:31 - 00000000 ____D C:\AdwCleaner
2015-10-23 12:38 - 2015-10-23 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-23 12:37 - 2015-10-23 12:37 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-10-23 12:37 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-23 12:37 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-22 12:28 - 2015-10-22 12:28 - 00018287 _____ C:\ComboFix.txt
2015-10-22 11:56 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-22 11:56 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-22 11:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-22 11:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-22 11:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-22 11:56 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-22 11:56 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-22 11:56 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-22 11:45 - 2015-10-22 12:28 - 00000000 ____D C:\Qoobox
2015-10-22 11:41 - 2015-10-22 12:25 - 00000000 ____D C:\Windows\erdnt
2015-10-20 19:19 - 2015-10-23 13:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-20 19:19 - 2015-10-23 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-20 19:19 - 2015-10-20 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-20 18:46 - 2015-10-20 20:06 - 00000000 ____D C:\Users\Günter Meier\Desktop\mbar
2015-10-20 18:46 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-20 16:16 - 2015-10-23 14:50 - 00000000 ____D C:\FRST
2015-10-20 16:15 - 2015-10-20 16:15 - 00000000 _____ C:\Users\Günter Meier\defogger_reenable
2015-10-17 15:51 - 2015-09-18 19:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-17 15:51 - 2015-09-18 19:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-17 15:51 - 2015-09-18 19:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-17 15:51 - 2015-09-18 19:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 14:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 14:00 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 14:00 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 14:00 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 14:00 - 2015-09-16 05:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 14:00 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 14:00 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 14:00 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 14:00 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 14:00 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 14:00 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 14:00 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 14:00 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 14:00 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 14:00 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 14:00 - 2015-09-16 05:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 14:00 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 14:00 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 14:00 - 2015-09-16 05:18 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 14:00 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 14:00 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 14:00 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 14:00 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 14:00 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 14:00 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 14:00 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 14:00 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 14:00 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 14:00 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 14:00 - 2015-09-16 04:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 14:00 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 14:00 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 14:00 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 14:00 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 14:00 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:57 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 13:57 - 2015-10-01 19:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:57 - 2015-10-01 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 13:57 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-14 13:57 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:57 - 2015-09-29 05:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 13:57 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 13:57 - 2015-09-29 04:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 13:57 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 13:57 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 13:57 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 13:57 - 2015-09-29 03:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 13:57 - 2015-09-29 03:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 13:57 - 2015-09-15 19:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 13:57 - 2015-09-15 19:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 13:57 - 2015-09-15 19:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 13:57 - 2015-09-15 19:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 13:56 - 2015-09-25 19:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 13:56 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:56 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 13:56 - 2015-09-25 19:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 13:56 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 16:55 - 2015-10-13 16:54 - 00524288 _____ (Simon Tatham) C:\Windows\putty.exe
2015-10-13 14:09 - 2015-10-13 14:09 - 00000000 ____D C:\Users\G�nter Meier
2015-10-12 18:09 - 2015-10-12 18:09 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 18:08 - 2015-10-23 13:13 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-12 18:08 - 2015-10-23 13:13 - 00002011 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-12 16:11 - 2015-10-12 16:11 - 28565300 _____ C:\Users\Günter Meier\Downloads\AdbeRdr920_de_DE.rar
2015-10-06 22:38 - 2015-10-23 14:33 - 00018582 _____ C:\Windows\PFRO.log
2015-09-25 21:58 - 2015-10-23 14:47 - 00833217 _____ C:\Windows\setupact.log
2015-09-25 21:58 - 2015-09-25 21:58 - 00000000 _____ C:\Windows\setuperr.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-23 14:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-23 14:43 - 2009-10-24 00:12 - 01699176 _____ C:\Windows\WindowsUpdate.log
2015-10-23 14:43 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-23 14:43 - 2009-10-23 23:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-23 14:31 - 2015-08-10 13:31 - 00000000 ____D C:\Program Files\Amazon
2015-10-23 14:30 - 2014-04-08 08:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-23 13:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-10-23 13:13 - 2015-07-08 15:57 - 00002139 _____ C:\Users\Public\Desktop\simplitec Power Suite.lnk
2015-10-23 13:13 - 2015-06-12 18:57 - 00002102 _____ C:\Users\Public\Desktop\StarMoney 10.lnk
2015-10-23 13:13 - 2015-05-24 11:19 - 00001428 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2015-10-23 13:13 - 2015-04-23 15:15 - 00001489 _____ C:\Users\Public\Desktop\bibel digital.lnk
2015-10-23 13:13 - 2015-01-06 15:53 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herrnhuter Losungen.lnk
2015-10-23 13:13 - 2015-01-06 15:53 - 00002054 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk
2015-10-23 13:13 - 2014-10-10 21:40 - 00001930 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-10-23 13:13 - 2013-12-23 14:08 - 00001064 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2015-10-23 13:13 - 2013-12-22 20:06 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2015-10-23 13:13 - 2013-12-19 14:09 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-10-23 13:13 - 2013-03-15 17:02 - 00002136 _____ C:\Users\Public\Desktop\Canon MG8200 series Online-Handbuch.lnk
2015-10-23 13:13 - 2011-03-27 17:46 - 00002115 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 13:13 - 2009-10-23 23:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-23 13:13 - 2009-10-23 23:34 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-23 13:13 - 2009-07-14 06:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-23 13:13 - 2009-07-14 06:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-10-23 13:13 - 2009-07-14 06:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-23 13:13 - 2009-07-14 06:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-23 13:13 - 2008-04-11 22:13 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-10-23 13:13 - 2008-04-11 22:13 - 00000984 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2015-10-23 13:13 - 2008-03-06 12:56 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
2015-10-23 13:13 - 2008-03-06 12:52 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2015-10-23 13:13 - 2008-01-17 14:01 - 00001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2015-10-23 13:13 - 2007-12-08 15:48 - 00000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2015-10-23 13:12 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-23 13:12 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-23 13:11 - 2015-09-04 18:10 - 00002278 _____ C:\Users\Günter Meier\Desktop\Kindle.lnk
2015-10-23 13:11 - 2015-07-08 18:56 - 00001970 _____ C:\Users\Günter Meier\Desktop\IrfanView Thumbnails.lnk
2015-10-23 13:11 - 2011-04-12 17:01 - 00001124 _____ C:\Users\Günter Meier\Desktop\Smartcard Commander.lnk
2015-10-23 13:11 - 2009-10-24 10:11 - 00001409 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-23 13:11 - 2009-08-11 10:57 - 00002174 _____ C:\Users\Günter Meier\Desktop\Google Earth.lnk
2015-10-23 13:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2015-10-23 13:11 - 2009-04-12 16:50 - 00000731 _____ C:\Users\Günter Meier\Desktop\Download -.lnk
2015-10-23 13:11 - 2009-01-01 14:15 - 00001086 _____ C:\Users\Günter Meier\Desktop\IrfanView.lnk
2015-10-23 13:11 - 2008-07-17 09:36 - 00000240 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Window Switcher.lnk
2015-10-23 13:11 - 2007-11-23 13:33 - 00002346 _____ C:\Users\Günter Meier\Desktop\Nero Burning ROM.lnk
2015-10-22 12:28 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-10-22 12:28 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-10-22 12:28 - 2006-11-02 15:03 - 00000000 ____D C:\Users\Administrator
2015-10-22 12:19 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-10-22 12:17 - 2009-07-14 04:03 - 76546048 _____ C:\Windows\system32\config\software.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 23330816 _____ C:\Windows\system32\config\system.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 00057344 _____ C:\Windows\system32\config\sam.bak
2015-10-22 12:17 - 2009-07-14 04:03 - 00024576 _____ C:\Windows\system32\config\security.bak
2015-10-22 11:38 - 2015-06-12 18:54 - 00000000 ____D C:\Program Files\StarMoney 10
2015-10-20 16:15 - 2009-10-23 23:35 - 00000000 ____D C:\Users\Günter Meier
2015-10-20 16:12 - 2009-10-24 00:23 - 01648344 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 16:10 - 2011-02-28 19:30 - 00000000 ____D C:\Temp
2015-10-18 09:49 - 2014-08-09 12:34 - 00000000 ____D C:\Program Files\StarMoney 9.0
2015-10-17 16:25 - 2014-12-12 10:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 16:25 - 2014-05-06 17:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-17 14:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-17 14:10 - 2015-04-05 22:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 14:10 - 2014-11-12 17:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-17 14:10 - 2011-07-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2015-10-17 14:10 - 2011-03-27 17:48 - 00000000 ____D C:\ProgramData\Real
2015-10-17 14:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-10-17 14:09 - 2009-11-07 21:52 - 00000000 ___RD C:\MSOCache
2015-10-15 09:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-10-14 19:10 - 2007-09-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 19:09 - 2013-08-02 21:57 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 19:01 - 2009-11-11 20:46 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 19:00 - 2006-11-02 12:23 - 00000219 _____ C:\Windows\win.ini
2015-10-13 16:50 - 2008-08-04 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-12 18:07 - 2007-09-17 13:17 - 00000000 ____D C:\Program Files\Adobe
2015-10-12 17:36 - 2007-09-17 13:17 - 00000000 ____D C:\ProgramData\Adobe
2015-10-07 21:17 - 2015-07-13 22:31 - 00000000 ____D C:\Users\Günter Meier\Documents\Bible
2015-09-23 14:21 - 2014-09-24 11:24 - 00000071 _____ C:\Users\Günter Meier\Desktop\i_view32.ini

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-08 12:06 - 2015-07-09 09:31 - 0000053 _____ () C:\Users\Günter Meier\AppData\Roaming\LogFile.txt
2007-11-23 10:39 - 2009-01-08 19:29 - 0024206 _____ () C:\Users\Günter Meier\AppData\Roaming\UserTile.png
2015-02-12 10:59 - 2015-02-12 10:59 - 0000000 ____H () C:\Users\Günter Meier\AppData\Local\BITD367.tmp
2009-10-24 11:19 - 2009-10-24 11:19 - 0007609 _____ () C:\Users\Günter Meier\AppData\Local\Resmon.ResmonCfg
2011-12-23 21:57 - 2011-12-23 21:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{05CAAA34-0796-4266-BD12-2057BBECAF0B}
2011-07-30 09:28 - 2011-07-30 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0766507E-53D7-44AF-A88E-C7EAEF153760}
2011-07-02 10:03 - 2011-07-02 10:08 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0AE71263-88B3-4D37-9C7D-C0FC1B1FC4B9}
2011-10-18 13:16 - 2011-10-18 13:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0B5A5CEB-9F36-4CEE-B0B7-2278D1CD416B}
2011-12-16 08:43 - 2011-12-16 08:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{17694828-0365-4695-AE08-08D098F41174}
2011-06-09 08:56 - 2011-06-09 08:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{189E3064-3E60-407D-B479-4EA6071C647E}
2012-01-11 12:36 - 2012-01-11 12:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1CC4BC34-506A-4F28-849E-9BB689FDD145}
2011-05-12 22:19 - 2011-05-12 22:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1D3488B1-AC49-4CE9-B01A-347A723C9E47}
2014-05-30 09:09 - 2014-05-30 09:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{23E58F2C-8DC4-4DE3-8FEF-766B1EEA544E}
2011-12-16 19:24 - 2011-12-16 19:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{28F4E85B-9194-4962-B72F-BDF01365858E}
2011-10-19 17:19 - 2011-10-19 17:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29037809-5BF9-45EB-A551-B4F9944569EC}
2011-06-16 22:36 - 2011-06-16 22:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29891808-A8FD-4F02-99A0-45E554B54B83}
2011-05-12 22:15 - 2011-05-12 22:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{2A589BD2-D8B8-4CE0-9AEC-9FD96C7E3A7C}
2011-11-10 16:20 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{33620E34-0CC5-45B2-972D-B205D971AEFF}
2012-01-26 22:26 - 2012-01-26 22:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{338C8C87-226E-42F5-97CC-CDDC0BD39DC5}
2011-10-22 17:29 - 2011-10-22 17:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{35741B3A-B90E-4C17-980D-693DDC6D92B2}
2015-04-17 09:45 - 2015-04-17 09:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{37601423-536C-48D0-BBDF-BB556A35E507}
2011-11-10 16:23 - 2011-11-10 16:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{38CD506F-C922-4793-9DB1-A1F71DAE1C80}
2011-06-15 16:11 - 2011-06-15 16:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{3F1A741B-0E83-40B7-9293-F608619820F4}
2011-11-06 20:59 - 2011-11-06 20:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{41EB32F3-12BB-4F05-9EEA-C094A182864A}
2011-05-27 09:13 - 2011-05-27 09:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{451DD174-B044-4C44-BF45-A905F6CA4F5A}
2011-06-23 17:01 - 2011-06-23 17:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4A257FA5-1DDC-43F7-BC1C-0101E86330DF}
2012-01-20 22:04 - 2012-01-20 22:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4F835A43-90C0-45A9-A01D-30D12E39DA18}
2011-07-15 20:00 - 2011-07-15 20:00 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5266879B-59A6-4F0B-99B1-F32396F78B0B}
2011-07-07 15:25 - 2011-07-07 15:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{565FA85B-71E4-48E4-BC1B-B4D473C9583E}
2011-06-26 16:03 - 2011-06-26 16:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5DD604CF-949E-4EF9-AAE2-E98BF823D8DC}
2011-08-05 21:36 - 2011-08-05 21:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{618E2725-2A74-492B-AB68-9C9A7FBC60FA}
2014-09-17 11:32 - 2014-09-17 11:32 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{64A4A4AE-C52B-4208-9DC1-F3A515D33732}
2015-02-12 10:55 - 2015-02-12 10:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{6DA6D618-2D09-4E54-B6EA-D48FD2EE3E59}
2011-05-20 21:37 - 2011-05-20 21:37 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{71902AA3-3597-4958-BDBA-6C46016CED28}
2011-09-06 17:20 - 2011-09-06 17:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{724E8FC5-F413-4D0C-B0B8-8E9B13C5BE25}
2011-06-17 18:09 - 2011-06-17 18:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{77EFB568-7ED5-4EB2-8D60-8BC1540A9FF4}
2011-09-19 18:00 - 2011-09-19 18:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{79059305-E922-4911-B8D2-9135AFC051E0}
2012-01-06 19:58 - 2012-01-06 19:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7BD81CF8-BA1F-405F-A974-8E15A12D1560}
2011-12-16 19:26 - 2011-12-16 19:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7E6C24A7-A380-4862-909B-3C42CE67B411}
2011-07-17 08:29 - 2011-07-17 08:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7ECE3187-654D-4E3E-B1E1-FB987C5DC824}
2011-11-10 16:25 - 2011-11-10 16:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{80059459-AD63-4EF3-B458-80436D4A91C3}
2011-09-19 18:02 - 2011-09-19 18:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{801DF4EC-2545-48AD-9E6B-B9E5F525FB45}
2011-09-14 19:39 - 2011-09-14 19:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8433C909-3DE4-4FF7-BDB5-C71244205008}
2011-07-17 08:30 - 2011-07-17 08:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{875F79BE-EE0D-4267-8DE4-28ADBEDD6A58}
2011-07-30 09:29 - 2011-07-30 09:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{877CAC26-F3F4-4A4E-9FC9-D8B8DC3DC326}
2011-11-06 20:56 - 2011-11-06 20:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{89E76C26-CEDF-4184-82AE-3B1E5394A189}
2011-06-14 14:42 - 2011-06-14 14:42 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8ED483F8-95C4-449A-B875-08FBA12129FF}
2011-10-07 18:16 - 2011-10-07 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{91EFF962-614A-45F8-9B30-57FBF9D336C6}
2011-06-15 16:09 - 2011-06-15 16:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{94858006-C678-4BCF-B655-CC82F18CB6C1}
2011-10-30 15:06 - 2011-10-30 15:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{96A82280-66E2-438B-BA18-9357DF72FEDD}
2011-11-03 18:14 - 2011-11-03 18:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{97F44D2C-D6DE-4D4B-8FF6-9DA56B1FB7E5}
2011-06-08 12:25 - 2011-06-08 12:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A01F53D9-7AFF-4AA4-8C51-541D0653CD1E}
2011-06-09 08:58 - 2011-06-09 08:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A1C1B8D0-278C-4B74-92BE-77ABC7A2B36B}
2011-12-06 10:44 - 2011-12-06 10:44 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A31325A4-1936-4BBF-A614-C4901C6F3313}
2011-12-17 11:13 - 2011-12-17 11:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A34EC897-35C0-45AE-9061-6D13B9F064C5}
2011-11-15 15:53 - 2011-11-15 15:53 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A50C05E7-36C0-41CD-A151-312C267A8F93}
2011-10-02 22:06 - 2011-10-02 22:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A6546426-9765-47B3-A4B5-8833E3728509}
2011-11-03 18:16 - 2011-11-03 18:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A65891F9-D1DC-4710-A18B-59195499AD25}
2012-01-06 19:56 - 2012-01-06 19:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A7E6BDF8-283D-4421-AFB2-449C1D5038C4}
2012-02-01 09:28 - 2012-02-01 09:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AA7D708B-14B4-48CA-BB7B-EBC8D4578E6C}
2012-01-11 22:22 - 2012-01-11 22:22 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AAB15AF0-99F7-416A-A202-9B120F5AFC76}
2014-07-11 09:15 - 2014-07-11 09:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{ABEA0400-D334-4F95-BDB4-85D0FFE3916D}
2011-07-17 18:35 - 2011-07-17 18:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AC3DF61D-2DE3-41B9-B4A9-239938F825C7}
2011-07-06 09:24 - 2011-07-06 09:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{B2A65E21-ED83-41A4-BDF9-6898D2BD17C7}
2011-08-01 11:03 - 2011-08-01 11:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BC517638-F267-4F06-926C-C1BBB488A79F}
2011-06-19 13:12 - 2011-06-19 13:12 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BDA60C25-42C9-4EC4-9957-33B1206E85A2}
2011-11-09 22:01 - 2011-11-09 22:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{C102085D-C45E-4EA1-B94A-70AD439FE9EA}
2011-10-12 12:33 - 2011-10-12 12:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CDD78E85-8B3D-43A0-B667-60152FD93FA4}
2011-12-16 08:45 - 2011-12-16 08:45 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CEC7DA45-826C-4850-8A58-567EC29FC7D4}
2011-09-14 19:41 - 2011-09-14 19:41 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D161D418-F4E5-4391-A183-9A90BA48F3AD}
2011-06-24 12:21 - 2011-06-24 12:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D5119CE5-BDA0-4DDC-AAAF-21CCABC1C9DD}
2011-11-03 18:17 - 2011-11-03 18:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D82FFAB7-3D57-49A8-8D08-5AFE6035D856}
2012-01-09 11:33 - 2012-01-09 11:34 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DAB70909-1C31-4C50-BA6D-8A1DBC16C007}
2011-06-11 17:02 - 2011-06-11 17:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DB4E76D0-D1A0-4DED-9618-FBC8D03F53C2}
2011-06-10 18:00 - 2011-06-10 18:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DC29E31A-B235-4BC6-A04B-0D1810A2B392}
2011-09-19 18:06 - 2011-09-19 18:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DF19300C-A2C8-4C8B-AA5F-2FDEA33BA72A}
2011-10-10 22:01 - 2011-10-10 22:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E1D28314-940E-4F2E-950F-7B627D0F8245}
2011-06-23 16:59 - 2011-06-23 16:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E3048784-D47B-4F95-BCB2-17CAC094F43A}
2011-07-31 11:49 - 2011-07-31 11:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E467D0D2-A4F5-469E-A910-783FD1A073CE}
2011-12-04 16:38 - 2011-12-04 16:38 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E58633B9-ACF2-4DF5-B796-C6E479EF246D}
2011-10-14 16:21 - 2011-10-14 16:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{EAD67AE9-0963-41F1-B934-5FB345612BE3}
2011-09-16 10:57 - 2011-09-16 10:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F3CC78FF-402B-4FF3-A996-24ED5C370D3F}
2011-06-24 12:17 - 2011-06-24 12:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F5C3197E-C3C0-42C9-BE75-9A8896599CD3}
2011-12-17 11:16 - 2011-12-17 11:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{FB2FD8B0-9BAB-4F35-9EE2-00E8FC1372C6}

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Günter Meier\ger21008.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-23 13:45

==================== Ende vom FRST.txt ============================
         


Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Günter Meier (2015-10-23 14:51:45)
Gestartet von E:\winguenter\bin
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-10-24 08:10:48)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3597727890-3998022267-917300989-500 - Administrator - Disabled)
Gast (S-1-5-21-3597727890-3998022267-917300989-501 - Limited - Enabled)
Günter Meier (S-1-5-21-3597727890-3998022267-917300989-1000 - Administrator - Enabled) => C:\Users\Günter Meier
UpdatusUser (S-1-5-21-3597727890-3998022267-917300989-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}_Adobe Reader 9 - Deutsch) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Browser 7 der Telekom 39.0.15 (x86 de) (HKLM\...\Browser 7 der Telekom 39.0.15 (x86 de)) (Version: 39.0.15 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM\...\Browser7MaintenanceService) (Version: 33.1.17 - Deutsche Telekom AG)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MG8200 series Benutzerregistrierung (HKLM\...\Canon MG8200 series Benutzerregistrierung) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - )
Canon MG8200 series On-screen Manual (HKLM\...\Canon MG8200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CHIPDRIVE Smartcard Commander (HKLM\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version:  - SCM Microsystems)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
Duden Korrektor (HKLM\...\InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor (Version: 5.00.1507.00 - Duden) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
GEAR 32bit Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{9509674F-3972-11DE-806D-005056806466}) (Version: 5.0.11733.9347 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Herrnhuter Losungen (HKLM\...\{2DEEC41F-02B0-4BC4-819A-2355E8B1C398}) (Version: 3.4.0 - Evang. Brüderunität Herrnhut)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
LightScribe  1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Bibel 12.07.02 (HKLM\...\OnlineBible) (Version:  - )
Online Bibel 12.07.02 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\OnlineBible) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.30 (HKLM\...\{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}) (Version: 3.30.0 - dotPDN LLC)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SCR3xx USB Smart Card Reader (HKLM\...\{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}) (Version: 8.18.0001 - SCM Microsystems)
simfy (HKLM\...\Simfy) (Version: 1.4.8 - simfy GmbH)
simfy (Version: 1.4.8 - simfy GmbH) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney (Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM\...\{BEA4756B-BD9D-49AA-9260-C496B3D8F8E1}) (Version: 10 - Star Finanz GmbH)
StarMoney 6.0 S-Edition (HKLM\...\{60459C52-DCD5-408F-925E-4AD20D9DAFD8}) (Version: 6.0 - StarFinanz GmbH)
StarMoney 9.0  (HKLM\...\{172EC92E-003F-47B8-8E38-00A3FD455467}) (Version:  - )
StarMoney 9.0  (HKLM\...\{2262CF96-D326-4926-885E-AA3B7E4E7368}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 3 (HKLM\...\TeamViewer 3) (Version:  - TeamViewer GmbH)
TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2C9357FA-97F8-4213-B712-A4CCF03AE379}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\AlexaWebSearch.dll (Bitmanagement)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{44EA0FF7-08B7-4B7F-A594-F7F94A2B60F7}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\GoogleSearch.dll (SpaceTime)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5D052CD7-6CAE-463C-99FF-0159EABFE66E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\SpaceTime3D.ocx (SpaceTime 3D, Inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9919BE4D-9E6F-4732-9E4E-5F83ABB62FEB}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\wavdest.ax ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B3C985DA-45C2-417D-B11B-6E6484A725F1}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\RSSSearch.dll (SpaceTime3D inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{BF9A5794-8AF5-46FA-8865-EAF65CD654A8}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CB27DAA3-E581-4777-A725-F32B47EDBDCF}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D6F407CF-E8AE-469D-9FC7-1DECAEDAAD9A}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\earthps.dll ()

==================== Wiederherstellungspunkte =========================

08-10-2015 19:32:53 Windows Update
12-10-2015 17:32:09 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:33:54 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 17:35:46 Removed Adobe Reader XI (11.0.11) - Deutsch.
13-10-2015 14:07:29 Windows Update
13-10-2015 17:15:19 Removed simfy
14-10-2015 13:12:23 Wiederherstellungsvorgang
14-10-2015 13:30:34 Removed simfy
14-10-2015 14:16:04 Windows Update
14-10-2015 18:52:43 Windows Update
15-10-2015 17:56:52 Windows Update
17-10-2015 14:04:53 Wiederherstellungsvorgang
17-10-2015 16:24:23 Windows Update
23-10-2015 14:36:49 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 12:23 - 2015-10-22 12:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00D58F06-E0E1-4A74-9DCC-17ED108F0BEB} - System32\Tasks\{47C57D00-1548-4256-9285-CBEED6687977} => pcalua.exe -a H:\setup.exe -d H:\ -c autorun
Task: {0588BB0D-C82E-4CC1-92A1-4224DA648CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0E9F0C20-BCE3-499C-A966-F734C28C163E} - System32\Tasks\{8FE32562-C235-4FAB-9A6D-03D63CA7D940} => pcalua.exe -a C:\Windows\System32\config\systemprofile\Downloads\browser7_setup(1).exe -d C:\Windows\System32\config\systemprofile\Downloads
Task: {1104AA23-EFC9-449A-80B1-8D2AC7522A6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {14E7FE71-8001-4321-89D5-08F1290FB27F} - System32\Tasks\{CE475AAD-AFC9-42A3-9D97-A57126633DF0} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\aomwin200ea24.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F743136-E9A5-4E4F-93EA-600712E0DC7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {220210B8-C66A-44C3-9E69-2CC5ADC162CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2D80F328-4163-4F70-8A20-E3DA5EE5DC86} - System32\Tasks\{6B8F0279-9C50-4EDB-BFC5-881052B5558C} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {38E40A51-8080-4086-82A7-ADE3C56521D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3FD8EA5F-ED3E-4A8E-A9E8-17FED68D3BCF} - System32\Tasks\{D6456F15-B695-4531-A08C-703557131E8B} => pcalua.exe -a D:\smoney_m_18_0_01234567_0000011022_j_.exe -d D:\
Task: {4BA14185-3A0A-425D-B5F8-F67D75F2F8F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {4C2F9702-1EE5-473A-A1D7-6E20635A84B8} - System32\Tasks\{515B8E38-020F-42EF-BBA0-FF5772AA7ACE} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {4E109E6D-3616-4CCD-BE29-95646479A919} - System32\Tasks\{151811DA-8574-4F07-B4E3-BC0CC70C5210} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5DCBDA99-E748-4AB4-BEE6-ACD450989D75} - System32\Tasks\{D5DC5CA7-AF3F-444F-8CAE-BF2020269A3A} => pcalua.exe -a "C:\Program Files\Bible\OlbDel.Exe" -c "Online Bibel" "Online Bibel" "C:\Users\Günter Meier\Documents\Bible\" "C:\Users\Public\Documents\Online Bible\"
Task: {5E2CC2C0-064B-4059-B917-4D504F3AACD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63AE1EE3-64C8-48DE-9C54-45711309E921} - System32\Tasks\{9C90A1E7-FADF-400F-B72A-CBE75816D972} => pcalua.exe -a "C:\bibel digital\mfbo2a32.exe" -d C:\Windows\system32\config\systemprofile\Desktop
Task: {75D3157F-439F-4E84-924A-FA650AB4F69A} - System32\Tasks\{A7B6B988-1FC5-42A4-BD45-CD7EE5F1C1DA} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {848A33C2-A5F0-497A-B08C-EAC01706C1E8} - System32\Tasks\{A2D23527-3082-44BC-8390-0526D67B3D46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {8B815B25-1B02-4957-A89E-2A3E1321533E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8E3BF495-571E-40DD-B913-C302BD618019} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {911023DE-5FF7-409F-A38A-476275210A5B} - System32\Tasks\{F5595CA3-EF8C-4FF9-9CC8-3F5BFDE3A806} => pcalua.exe -a I:\InstallTomTomHOME.exe -d I:\
Task: {96EDA8E3-5C17-4AF4-9537-3FF2530B08E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A61C90FA-B985-462E-A804-70558A90C134} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Günter Meier => C:\Program Files\Windows Calendar\WinCal.exe
Task: {A64AE6AE-1A92-403B-8196-EE4C17077740} - System32\Tasks\{88B1E977-17F5-4EAF-BA92-03B89D785644} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {CB0E91C7-DAEF-4541-8AF5-29BAFA96EBFD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {D2AE73FE-E2C5-431A-918B-F03363307423} - System32\Tasks\{A37709E2-5C8D-4187-ACBD-0664905177B7} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02\_ISDel.exe" -d "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02"
Task: {D57B9C09-4511-4F89-93BE-71AF5F9DCACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DBCEE112-EA9A-4F16-9C36-EE9EF50D3571} - System32\Tasks\{6EA55286-8D0E-467A-9FB0-F5B315B5ABA8} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\wmp11-windowsxp-x86-DE-DE.exe" -d "C:\Users\Günter Meier\Downloads"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED4CB7E8-51FB-4A5C-B797-622CD46DAF23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FBB31E70-84F8-4478-8FCA-7B0A64BD4336} - System32\Tasks\{B09EF877-27B6-4235-882D-C184CF3EF917} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\GER_R_FUL_AV.exe" -d "C:\Users\Günter Meier\Downloads"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-05-04 13:10 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-20 05:42 - 2015-02-20 05:42 - 00317560 ____N () C:\Program Files\Common Files\G DATA\AVKProxy\PktIcpt2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Günter Meier\Documents\Fotovorlagen:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> amazon.de
IE trusted site: HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\amazon.de -> amazon.de


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{DB1B0F8C-F8B0-4EDB-8050-9903D99C271E}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [TCP Query User{D2ED50E5-ECBA-4948-A737-CD574422ED83}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [UDP Query User{BC1B4E24-7EBD-4EC5-8594-55F8ACBD8274}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{040CD7D5-ECE8-49EE-8A50-977C4F681C43}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D6F4D7DB-4845-47F1-8E55-8DA46042BA13}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{C87F02C0-6E69-4D92-8920-9E65E63E4FAD}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{C7D6D316-A356-4310-AD6B-4981B9F8B777}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{DE344125-C3EF-4BAD-B2DA-A1599E5EB1BB}] => (Allow) svchost.exe
FirewallRules: [{A50D645D-011F-492D-BF38-EB7A6863AAFC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [UDP Query User{B8EF7B60-2422-4342-975E-B6A2067C6871}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [TCP Query User{ADEC9F8E-8625-48A4-8A60-2D04234396AE}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [{4FDB4FE1-D932-4439-B87F-6A438835C552}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1405F477-C137-4B8B-BACB-752782BF0BC4}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6E52F4DD-1DB8-41B7-9EF9-C1720B1071EB}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{F450EACA-F7F1-4C16-A862-CF5650E61586}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{61D8180E-69E0-44D0-9825-CC55CF9E77C6}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4A8ADBAB-8CB2-412F-9430-A58A7062D98A}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7ED9393A-D714-4C67-9066-BF5760279FD2}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{2B44D336-9058-41C8-A627-DC2FDDC1806E}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{80368D74-E7DB-4F7D-9F02-FE106A76A00C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A79CA6CC-A682-419D-89DB-DAFEC93D724D}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{FA0986BF-4915-4DED-8AA2-F7586A6F7D5F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B17CA17F-6034-4B49-8DB8-0FEADF7E93F0}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{AF7D77F4-EE2A-42EB-8D13-DE4BAA176B5C}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{8839229D-A821-4495-B79D-C6C553E3B29B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{AD490351-CD10-40EA-BEDE-0B79B2C331DC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1D8D05B8-D46B-4950-A9EA-85D92F3AC71E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{426AFD31-A30C-4BF1-9A5A-F7DBC1566220}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5CC9264A-17A9-4A6D-9838-E6D64973F460}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA888CC4-0283-403E-AE44-9D88A46A0B0F}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{BCB71965-94DE-47A3-A9D1-C5C6D2D725D6}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1861CF61-4EE2-419C-A3AC-45A526472F52}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{9B399FA5-CE50-4C73-9E33-32D5720D2CC2}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{44117AEF-EC60-4924-8622-141C42DBFD8C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1B8582D3-9153-4A84-81D8-2E2FA904916A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6DC934A1-CABE-47C3-BBDB-E667D26D3764}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C5467E3-0AB4-4B05-BFC8-814A14D88C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E237F61-D6B4-483C-8DC3-5C4AAAC08574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{113776B5-2BE7-429B-81AD-DFA7850A78F3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{45F2DD33-BBFF-4866-B9F7-8717AF298B0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7936D596-1165-4FC0-9D83-E8E564CCA25E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE1557E-0267-4A9F-A333-F610BFFFF2BF}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{B72C2DE3-F7AA-4039-AEA3-8BB23726543C}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{0499696A-7CFA-4E00-828B-6676988C9DDB}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{CA378E91-2269-4F8E-BACA-3192532B1733}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4E1E623C-3507-4E41-9191-EF317A05B33E}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{1C0E5D20-0F39-4ED0-9D73-DF44A2AFC3A5}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{D998154B-4F5B-4463-BCAC-F41B4C4A1B74}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{5F41C9C5-062A-4596-97B6-DFBBC6F0DC27}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{7D72ECE0-A4AC-4AFD-ADFA-3227298E9BC1}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{603A4EB2-8FEA-47A0-BEBD-5A84320106B6}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{BD375068-A645-4810-A32E-ABD60014A60E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{9FEE394B-0061-4D96-A2E2-76639C645CA1}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{5DE97CF7-47B0-481A-97A9-687C8F0A499E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{1414BB0A-2983-49C1-9CA9-D75704B9C143}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{7370E5AC-5D97-4D83-B08C-5670587B2597}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{88FA3FBE-7657-42DB-82D2-DED836237376}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{782E3989-2D24-41B6-BB25-C48C3B5A2CC2}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{61AEEFA5-E66E-410B-8EB3-C8D9EC32B8B4}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{9FD6D478-AA5F-4ACD-80D1-AEA25B738887}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{72A6D150-1990-4F46-A338-7AA7CC7D3EDC}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{E8ABAB9E-FE3C-41CF-9CEA-4ADBF486523C}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/22/2015 11:57:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x800706be).

Error: (10/18/2015 06:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Browser7.exe, Version: 39.0.3.5700, Zeitstempel: 0x55c88cd2
Name des fehlerhaften Moduls: xul.dll, Version: 39.0.3.5700, Zeitstempel: 0x55c88e9c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b1ba22
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xBrowser7.exe0
Pfad der fehlerhaften Anwendung: Browser7.exe1
Pfad des fehlerhaften Moduls: Browser7.exe2
Berichtskennung: Browser7.exe3

Error: (10/17/2015 05:32:25 PM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: Can not connect to Process Manager (0)

Error: (10/17/2015 03:47:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6500}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 02:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe


Systemfehler:
=============
Error: (10/23/2015 02:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

Error: (10/23/2015 02:48:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 10 OnlineUpdate erreicht.

Error: (10/23/2015 02:40:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (10/23/2015 02:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2015 02:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RealNetworks Downloader Resolver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 02:34:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 2046.49 MB
Verfügbarer physikalischer RAM: 878.01 MB
Summe virtueller Speicher: 4092.98 MB
Verfügbarer virtueller Speicher: 2671.92 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.79 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (KINGSTON) (Removable) (Total:58.58 GB) (Free:58.19 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7AFE7AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 58.6 GB) (Disk ID: C9D93779)
Partition 1: (Active) - (Size=58.6 GB) - (Type=0C)

==================== Ende vom Addition.txt ============================
         

Regards,
Tom

Alt 24.10.2015, 17:34   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 25.10.2015, 16:26   #11
tb87
 



ESET Log:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3adff8bf93085c4db9914926dfae73c4
# end=init
# utc_time=2015-10-25 08:53:34
# local_time=2015-10-25 09:53:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26399
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3adff8bf93085c4db9914926dfae73c4
# end=updated
# utc_time=2015-10-25 08:56:45
# local_time=2015-10-25 09:56:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3adff8bf93085c4db9914926dfae73c4
# engine=26399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-25 12:02:18
# local_time=2015-10-25 01:02:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='G DATA INTERNET SECURITY'
# compatibility_mode=4112 16777213 100 100 15790 21376810 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 174938 197405729 0 0
# scanned=263305
# found=14
# cleaned=0
# scan_time=11132
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\config\systemprofile\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\config\systemprofile\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=90F3018479A7D53FBD252C5910FB7C1C55F6844A ft=1 fh=b6a7e643392b01bc vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe"
sh=99FEB67B41F04041C2DD5897142C7E07C0A7D630 ft=1 fh=c125cbaeea0673e9 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe"
sh=92B466674B4B39B478774A7F8EC2C19BA57B8DA2 ft=1 fh=9581fee5c122095a vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe"
sh=2F5CC49C2D4FFA2C589CE9008CFDA9176346B041 ft=1 fh=c4cf5f621356b736 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe"
sh=83D1E9F467FA784A84602885E8F490F1F2550EB8 ft=1 fh=e1e128c783531a5d vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe"
sh=94069234AD87CF1A10B2E64FB3768AD63D9E6589 ft=1 fh=1ebfba59104772d6 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe"
sh=80088700F9C897E1A39460D96550E514A7AB65B8 ft=1 fh=d83c62338b5c5957 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe"
sh=DF5AFCFA723A9EFCB09246976FCB221F7602C997 ft=1 fh=c71c0011d7b6ffae vn="Win32/Toolbar.MyWebSearch.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll"
sh=DF5AFCFA723A9EFCB09246976FCB221F7602C997 ft=1 fh=c71c0011d7b6ffae vn="Win32/Toolbar.MyWebSearch.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll"
sh=A53D469C3534BCA8CC5CFF8A1D555D500E4043F5 ft=1 fh=3f3049abd7258b60 vn="NSIS/StartPage.CB Trojaner" ac=I fn="C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe"
sh=A53D469C3534BCA8CC5CFF8A1D555D500E4043F5 ft=1 fh=3f3049abd7258b60 vn="NSIS/StartPage.CB Trojaner" ac=I fn="C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe"
sh=1A5A883A8A6169B8FBF4EA56A53F545F9B6250D8 ft=1 fh=b961cb9440afcf45 vn="Variante von Win32/SlowPCfighter.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe"
         
checkup.txt:
Code:
 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA INTERNET SECURITY   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 26  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	17.0.0.190 Flash Player out of Date!  
 Adobe Reader 8 Adobe Reader out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader XI (KB403742..) 
 Google Chrome (45.0.2454.85) 
 Google Chrome (46.0.2490.80) 
````````Process Check: objlist.exe by Laurent````````  
 G DATA InternetSecurity Firewall GDFirewallTray.exe 
 G DATA InternetSecurity Firewall GDFwSvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST.txt:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
durchgeführt von Günter Meier (Administrator) auf GÜNTER-PC (25-10-2015 13:38:04)
Gestartet von E:\winguenter\bin
Geladene Profile: Günter Meier (Verfügbare Profile: Günter Meier & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(G DATA Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-05]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{92B1362F-D2B4-4AA3-8BF2-48D0F0646CDB}: [NameServer] 141.1.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_sp_
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://google.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p08_serp_ie_de_display?ie=UTF8&tagbase=bds-p08&tag=bds-p08-serp-de-ie-21&tbrId=v1_abb-channel-8_ad305e1609dc46fab7cd8417379de292_1036_1068_20150810_DE_ie_ds_&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3597727890-3998022267-917300989-1000 -> {CB779390-9FC4-4A00-B031-3CD9A1C8A67A} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF SelectedSearchEngine: Inbox Suchen
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-12-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-12-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597727890-3998022267-917300989-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-12-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-12-23] (RealPlayer)
FF SearchPlugin: C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\searchplugins\inbox-search.xml [2014-02-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27] [ist nicht signiert]
FF Extension: Blue Ice 2 - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\Extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2008-08-04] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\AppGraffiti@AppGraffiti.com [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [nicht gefunden]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [nicht gefunden]
FF Extension: Kein Name - C:\Users\Günter Meier\AppData\Roaming\Mozilla\Firefox\Profiles\ywlhf9be.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-04-01]
CHR Extension: (RebateInformer) - C:\Users\Günter Meier\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal [2013-03-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
S3 Browser7Maintenance; C:\Program Files\Browser 7 Maintenance Service\maintenanceservice.exe [148792 2015-08-20] (Deutsche Telekom AG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-08] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 StarMoney 10 OnlineUpdate; C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688784 2015-07-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S4 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [90112 2007-11-29] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 eapihdrv; C:\Windows\TEMP\ehdrv.sys [135760 2015-10-25] (ESET)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-04-07] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-04-07] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-04-07] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-04-07] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-07-31] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-04-07] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-07-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-09-17] (G Data Software)
S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [11904 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88BDA; C:\Windows\System32\drivers\hcw88bda.sys [207872 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [299776 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88TUNE; C:\Windows\System32\drivers\hcw88tun.sys [149504 2007-01-23] (Hauppauge Computer Works, Inc.)
S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [498176 2007-01-23] (Hauppauge Computer Works, Inc)
S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [23552 2007-01-23] (Hauppauge Computer Works, Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-04-07] (G Data Software AG)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-18] (Siliten)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48768 2007-07-05] (JMicron Technology Corp.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.)
S3 STC2DFU; C:\Windows\System32\DRIVERS\Stc2Dfu.SYS [7796 2004-10-25] (SCM Microsystems Inc.) [Datei ist nicht signiert]
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-23 13:41 - 2015-10-23 13:41 - 00002171 _____ C:\Users\Günter Meier\Desktop\JRT.txt
2015-10-23 12:27 - 2015-10-23 13:31 - 00000000 ____D C:\AdwCleaner
2015-10-23 11:38 - 2015-10-23 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-23 11:37 - 2015-10-23 11:37 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-10-23 11:37 - 2015-10-05 08:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-23 11:37 - 2015-10-05 08:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-22 11:28 - 2015-10-22 11:28 - 00018287 _____ C:\ComboFix.txt
2015-10-22 10:56 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-22 10:56 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-22 10:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-22 10:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-22 10:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-22 10:56 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-22 10:56 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-22 10:56 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-22 10:45 - 2015-10-22 11:28 - 00000000 ____D C:\Qoobox
2015-10-22 10:41 - 2015-10-22 11:25 - 00000000 ____D C:\Windows\erdnt
2015-10-20 18:19 - 2015-10-23 12:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-20 18:19 - 2015-10-23 11:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-20 18:19 - 2015-10-20 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-20 17:46 - 2015-10-20 19:06 - 00000000 ____D C:\Users\Günter Meier\Desktop\mbar
2015-10-20 17:46 - 2015-10-05 08:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-20 15:16 - 2015-10-25 13:38 - 00000000 ____D C:\FRST
2015-10-20 15:15 - 2015-10-20 15:15 - 00000000 _____ C:\Users\Günter Meier\defogger_reenable
2015-10-17 14:51 - 2015-09-18 18:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-17 14:51 - 2015-09-18 18:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-17 14:51 - 2015-09-18 18:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-17 14:51 - 2015-09-18 18:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-17 14:51 - 2015-09-18 18:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-17 14:51 - 2015-09-18 18:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-17 14:51 - 2015-09-18 18:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:01 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:00 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 13:00 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 13:00 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 13:00 - 2015-09-16 04:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:00 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 13:00 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 13:00 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 13:00 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:00 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:00 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 13:00 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 13:00 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 13:00 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 13:00 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 13:00 - 2015-09-16 04:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:00 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 13:00 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 13:00 - 2015-09-16 04:18 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:00 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 13:00 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:00 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 13:00 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 13:00 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 13:00 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 13:00 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 13:00 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 13:00 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 13:00 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 13:00 - 2015-09-16 03:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 13:00 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 13:00 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:00 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 13:00 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 13:00 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 12:57 - 2015-10-01 18:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 12:57 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 12:57 - 2015-10-01 18:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 12:57 - 2015-10-01 18:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 12:57 - 2015-10-01 18:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 12:57 - 2015-10-01 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 12:57 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-14 12:57 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 12:57 - 2015-09-29 04:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 12:57 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 12:57 - 2015-09-29 03:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 12:57 - 2015-09-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 12:57 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 12:57 - 2015-09-29 03:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 12:57 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 12:57 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 12:57 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 12:57 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 12:57 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 12:57 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 12:57 - 2015-09-29 02:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 12:57 - 2015-09-29 02:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 12:57 - 2015-09-29 02:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 12:57 - 2015-09-15 18:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 12:57 - 2015-09-15 18:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 12:57 - 2015-09-15 18:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 12:57 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 12:57 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 12:57 - 2015-09-15 18:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 12:57 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 12:57 - 2015-09-15 18:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 12:57 - 2015-09-15 18:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 12:56 - 2015-09-25 18:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 12:56 - 2015-09-25 18:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 12:56 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 12:56 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 12:56 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 12:56 - 2015-09-25 18:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 12:56 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 12:56 - 2015-09-25 18:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 12:56 - 2015-09-25 18:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 12:56 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 12:56 - 2015-09-25 18:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 12:56 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 12:56 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 15:55 - 2015-10-13 15:54 - 00524288 _____ (Simon Tatham) C:\Windows\putty.exe
2015-10-13 13:09 - 2015-10-13 13:09 - 00000000 ____D C:\Users\G�nter Meier
2015-10-12 17:09 - 2015-10-12 17:09 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 17:08 - 2015-10-25 09:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-12 17:08 - 2015-10-23 12:13 - 00002011 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-12 15:11 - 2015-10-12 15:11 - 28565300 _____ C:\Users\Günter Meier\Downloads\AdbeRdr920_de_DE.rar
2015-10-06 21:38 - 2015-10-23 13:33 - 00018582 _____ C:\Windows\PFRO.log
2015-09-25 20:58 - 2015-10-25 09:38 - 00848387 _____ C:\Windows\setupact.log
2015-09-25 20:58 - 2015-09-25 20:58 - 00000000 _____ C:\Windows\setuperr.log

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-25 13:26 - 2014-04-08 07:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-25 13:17 - 2009-10-23 23:12 - 01753271 _____ C:\Windows\WindowsUpdate.log
2015-10-25 13:00 - 2011-03-27 16:46 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-25 10:13 - 2011-03-27 16:46 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-25 10:00 - 2011-03-27 16:46 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-25 09:56 - 2009-10-23 22:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-25 09:56 - 2009-10-23 22:34 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-25 09:49 - 2009-10-23 23:23 - 01648344 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-25 09:38 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-23 13:31 - 2015-08-10 12:31 - 00000000 ____D C:\Program Files\Amazon
2015-10-23 12:53 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-10-23 12:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\IME
2015-10-23 12:13 - 2015-07-08 14:57 - 00002139 _____ C:\Users\Public\Desktop\simplitec Power Suite.lnk
2015-10-23 12:13 - 2015-06-12 17:57 - 00002102 _____ C:\Users\Public\Desktop\StarMoney 10.lnk
2015-10-23 12:13 - 2015-05-24 10:19 - 00001428 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2015-10-23 12:13 - 2015-04-23 14:15 - 00001489 _____ C:\Users\Public\Desktop\bibel digital.lnk
2015-10-23 12:13 - 2015-01-06 14:53 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herrnhuter Losungen.lnk
2015-10-23 12:13 - 2015-01-06 14:53 - 00002054 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk
2015-10-23 12:13 - 2014-10-10 20:40 - 00001930 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-10-23 12:13 - 2013-12-23 13:08 - 00001064 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2015-10-23 12:13 - 2013-12-22 19:06 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2015-10-23 12:13 - 2013-12-19 13:09 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-10-23 12:13 - 2013-03-15 16:02 - 00002136 _____ C:\Users\Public\Desktop\Canon MG8200 series Online-Handbuch.lnk
2015-10-23 12:13 - 2009-10-23 22:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-23 12:13 - 2009-10-23 22:34 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-23 12:13 - 2009-07-14 05:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-23 12:13 - 2009-07-14 05:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-10-23 12:13 - 2009-07-14 05:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-23 12:13 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-23 12:13 - 2008-04-11 21:13 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-10-23 12:13 - 2008-04-11 21:13 - 00000984 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2015-10-23 12:13 - 2008-03-06 11:56 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
2015-10-23 12:13 - 2008-03-06 11:52 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2015-10-23 12:13 - 2008-01-17 13:01 - 00001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2015-10-23 12:13 - 2007-12-08 14:48 - 00000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2015-10-23 12:12 - 2009-07-14 05:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-23 12:12 - 2009-07-14 05:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-23 12:11 - 2015-09-04 17:10 - 00002278 _____ C:\Users\Günter Meier\Desktop\Kindle.lnk
2015-10-23 12:11 - 2015-07-08 17:56 - 00001970 _____ C:\Users\Günter Meier\Desktop\IrfanView Thumbnails.lnk
2015-10-23 12:11 - 2011-04-12 16:01 - 00001124 _____ C:\Users\Günter Meier\Desktop\Smartcard Commander.lnk
2015-10-23 12:11 - 2009-10-24 09:11 - 00001409 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-23 12:11 - 2009-08-11 09:57 - 00002174 _____ C:\Users\Günter Meier\Desktop\Google Earth.lnk
2015-10-23 12:11 - 2009-04-12 15:50 - 00000731 _____ C:\Users\Günter Meier\Desktop\Download -.lnk
2015-10-23 12:11 - 2009-01-01 13:15 - 00001086 _____ C:\Users\Günter Meier\Desktop\IrfanView.lnk
2015-10-23 12:11 - 2008-07-17 08:36 - 00000240 _____ C:\Users\Günter Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Window Switcher.lnk
2015-10-23 12:11 - 2007-11-23 12:33 - 00002346 _____ C:\Users\Günter Meier\Desktop\Nero Burning ROM.lnk
2015-10-22 11:28 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2015-10-22 11:28 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2015-10-22 11:28 - 2006-11-02 14:03 - 00000000 ____D C:\Users\Administrator
2015-10-22 11:19 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2015-10-22 11:17 - 2009-07-14 03:03 - 76546048 _____ C:\Windows\system32\config\software.bak
2015-10-22 11:17 - 2009-07-14 03:03 - 23330816 _____ C:\Windows\system32\config\system.bak
2015-10-22 11:17 - 2009-07-14 03:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-10-22 11:17 - 2009-07-14 03:03 - 00057344 _____ C:\Windows\system32\config\sam.bak
2015-10-22 11:17 - 2009-07-14 03:03 - 00024576 _____ C:\Windows\system32\config\security.bak
2015-10-22 10:38 - 2015-06-12 17:54 - 00000000 ____D C:\Program Files\StarMoney 10
2015-10-20 15:15 - 2009-10-23 22:35 - 00000000 ____D C:\Users\Günter Meier
2015-10-20 15:10 - 2011-02-28 18:30 - 00000000 ____D C:\Temp
2015-10-18 08:49 - 2014-08-09 11:34 - 00000000 ____D C:\Program Files\StarMoney 9.0
2015-10-17 15:25 - 2014-12-12 09:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 15:25 - 2014-05-06 16:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-17 13:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-17 13:10 - 2015-04-05 21:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 13:10 - 2014-11-12 16:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-17 13:10 - 2011-07-05 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2015-10-17 13:10 - 2011-03-27 16:48 - 00000000 ____D C:\ProgramData\Real
2015-10-17 13:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2015-10-17 13:09 - 2009-11-07 20:52 - 00000000 ___RD C:\MSOCache
2015-10-15 08:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-10-14 18:10 - 2007-09-17 12:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 18:09 - 2013-08-02 20:57 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 18:01 - 2009-11-11 19:46 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 18:00 - 2006-11-02 11:23 - 00000219 _____ C:\Windows\win.ini
2015-10-13 15:50 - 2008-08-04 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-10-12 17:07 - 2007-09-17 12:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-12 17:07 - 2007-09-17 12:17 - 00000000 ____D C:\Program Files\Adobe
2015-10-12 16:36 - 2007-09-17 12:17 - 00000000 ____D C:\ProgramData\Adobe
2015-10-07 20:17 - 2015-07-13 21:31 - 00000000 ____D C:\Users\Günter Meier\Documents\Bible

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-08 11:06 - 2015-07-09 08:31 - 0000053 _____ () C:\Users\Günter Meier\AppData\Roaming\LogFile.txt
2007-11-23 09:39 - 2009-01-08 18:29 - 0024206 _____ () C:\Users\Günter Meier\AppData\Roaming\UserTile.png
2015-02-12 09:59 - 2015-02-12 09:59 - 0000000 ____H () C:\Users\Günter Meier\AppData\Local\BITD367.tmp
2009-10-24 10:19 - 2015-10-25 09:47 - 0007598 _____ () C:\Users\Günter Meier\AppData\Local\Resmon.ResmonCfg
2011-12-23 20:57 - 2011-12-23 20:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{05CAAA34-0796-4266-BD12-2057BBECAF0B}
2011-07-30 08:28 - 2011-07-30 08:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0766507E-53D7-44AF-A88E-C7EAEF153760}
2011-07-02 09:03 - 2011-07-02 09:08 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0AE71263-88B3-4D37-9C7D-C0FC1B1FC4B9}
2011-10-18 12:16 - 2011-10-18 12:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{0B5A5CEB-9F36-4CEE-B0B7-2278D1CD416B}
2011-12-16 07:43 - 2011-12-16 07:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{17694828-0365-4695-AE08-08D098F41174}
2011-06-09 07:56 - 2011-06-09 07:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{189E3064-3E60-407D-B479-4EA6071C647E}
2012-01-11 11:36 - 2012-01-11 11:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1CC4BC34-506A-4F28-849E-9BB689FDD145}
2011-05-12 21:19 - 2011-05-12 21:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{1D3488B1-AC49-4CE9-B01A-347A723C9E47}
2014-05-30 08:09 - 2014-05-30 08:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{23E58F2C-8DC4-4DE3-8FEF-766B1EEA544E}
2011-12-16 18:24 - 2011-12-16 18:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{28F4E85B-9194-4962-B72F-BDF01365858E}
2011-10-19 16:19 - 2011-10-19 16:19 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29037809-5BF9-45EB-A551-B4F9944569EC}
2011-06-16 21:36 - 2011-06-16 21:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{29891808-A8FD-4F02-99A0-45E554B54B83}
2011-05-12 21:15 - 2011-05-12 21:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{2A589BD2-D8B8-4CE0-9AEC-9FD96C7E3A7C}
2011-11-10 15:20 - 2011-11-10 15:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{33620E34-0CC5-45B2-972D-B205D971AEFF}
2012-01-26 21:26 - 2012-01-26 21:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{338C8C87-226E-42F5-97CC-CDDC0BD39DC5}
2011-10-22 16:29 - 2011-10-22 16:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{35741B3A-B90E-4C17-980D-693DDC6D92B2}
2015-04-17 08:45 - 2015-04-17 08:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{37601423-536C-48D0-BBDF-BB556A35E507}
2011-11-10 15:23 - 2011-11-10 15:23 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{38CD506F-C922-4793-9DB1-A1F71DAE1C80}
2011-06-15 15:11 - 2011-06-15 15:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{3F1A741B-0E83-40B7-9293-F608619820F4}
2011-11-06 19:59 - 2011-11-06 19:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{41EB32F3-12BB-4F05-9EEA-C094A182864A}
2011-05-27 08:13 - 2011-05-27 08:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{451DD174-B044-4C44-BF45-A905F6CA4F5A}
2011-06-23 16:01 - 2011-06-23 16:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4A257FA5-1DDC-43F7-BC1C-0101E86330DF}
2012-01-20 21:04 - 2012-01-20 21:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{4F835A43-90C0-45A9-A01D-30D12E39DA18}
2011-07-15 19:00 - 2011-07-15 19:00 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5266879B-59A6-4F0B-99B1-F32396F78B0B}
2011-07-07 14:25 - 2011-07-07 14:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{565FA85B-71E4-48E4-BC1B-B4D473C9583E}
2011-06-26 15:03 - 2011-06-26 15:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{5DD604CF-949E-4EF9-AAE2-E98BF823D8DC}
2011-08-05 20:36 - 2011-08-05 20:36 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{618E2725-2A74-492B-AB68-9C9A7FBC60FA}
2014-09-17 10:32 - 2014-09-17 10:32 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{64A4A4AE-C52B-4208-9DC1-F3A515D33732}
2015-02-12 09:55 - 2015-02-12 09:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{6DA6D618-2D09-4E54-B6EA-D48FD2EE3E59}
2011-05-20 20:37 - 2011-05-20 20:37 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{71902AA3-3597-4958-BDBA-6C46016CED28}
2011-09-06 16:20 - 2011-09-06 16:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{724E8FC5-F413-4D0C-B0B8-8E9B13C5BE25}
2011-06-17 17:09 - 2011-06-17 17:09 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{77EFB568-7ED5-4EB2-8D60-8BC1540A9FF4}
2011-09-19 17:00 - 2011-09-19 17:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{79059305-E922-4911-B8D2-9135AFC051E0}
2012-01-06 18:58 - 2012-01-06 18:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7BD81CF8-BA1F-405F-A974-8E15A12D1560}
2011-12-16 18:26 - 2011-12-16 18:26 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7E6C24A7-A380-4862-909B-3C42CE67B411}
2011-07-17 07:29 - 2011-07-17 07:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{7ECE3187-654D-4E3E-B1E1-FB987C5DC824}
2011-11-10 15:25 - 2011-11-10 15:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{80059459-AD63-4EF3-B458-80436D4A91C3}
2011-09-19 17:02 - 2011-09-19 17:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{801DF4EC-2545-48AD-9E6B-B9E5F525FB45}
2011-09-14 18:39 - 2011-09-14 18:43 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8433C909-3DE4-4FF7-BDB5-C71244205008}
2011-07-17 07:30 - 2011-07-17 07:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{875F79BE-EE0D-4267-8DE4-28ADBEDD6A58}
2011-07-30 08:29 - 2011-07-30 08:29 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{877CAC26-F3F4-4A4E-9FC9-D8B8DC3DC326}
2011-11-06 19:56 - 2011-11-06 19:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{89E76C26-CEDF-4184-82AE-3B1E5394A189}
2011-06-14 13:42 - 2011-06-14 13:42 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{8ED483F8-95C4-449A-B875-08FBA12129FF}
2011-10-07 17:16 - 2011-10-07 17:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{91EFF962-614A-45F8-9B30-57FBF9D336C6}
2011-06-15 15:09 - 2011-06-15 15:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{94858006-C678-4BCF-B655-CC82F18CB6C1}
2011-10-30 14:06 - 2011-10-30 14:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{96A82280-66E2-438B-BA18-9357DF72FEDD}
2011-11-03 17:14 - 2011-11-03 17:14 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{97F44D2C-D6DE-4D4B-8FF6-9DA56B1FB7E5}
2011-06-08 11:25 - 2011-06-08 11:25 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A01F53D9-7AFF-4AA4-8C51-541D0653CD1E}
2011-06-09 07:58 - 2011-06-09 07:58 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A1C1B8D0-278C-4B74-92BE-77ABC7A2B36B}
2011-12-06 09:44 - 2011-12-06 09:44 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A31325A4-1936-4BBF-A614-C4901C6F3313}
2011-12-17 10:13 - 2011-12-17 10:13 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A34EC897-35C0-45AE-9061-6D13B9F064C5}
2011-11-15 14:53 - 2011-11-15 14:53 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A50C05E7-36C0-41CD-A151-312C267A8F93}
2011-10-02 21:06 - 2011-10-02 21:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A6546426-9765-47B3-A4B5-8833E3728509}
2011-11-03 17:16 - 2011-11-03 17:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A65891F9-D1DC-4710-A18B-59195499AD25}
2012-01-06 18:56 - 2012-01-06 18:56 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{A7E6BDF8-283D-4421-AFB2-449C1D5038C4}
2012-02-01 08:28 - 2012-02-01 08:28 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AA7D708B-14B4-48CA-BB7B-EBC8D4578E6C}
2012-01-11 21:22 - 2012-01-11 21:22 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AAB15AF0-99F7-416A-A202-9B120F5AFC76}
2014-07-11 08:15 - 2014-07-11 08:15 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{ABEA0400-D334-4F95-BDB4-85D0FFE3916D}
2011-07-17 17:35 - 2011-07-17 17:35 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{AC3DF61D-2DE3-41B9-B4A9-239938F825C7}
2011-07-06 08:24 - 2011-07-06 08:24 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{B2A65E21-ED83-41A4-BDF9-6898D2BD17C7}
2011-08-01 10:03 - 2011-08-01 10:04 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BC517638-F267-4F06-926C-C1BBB488A79F}
2011-06-19 12:12 - 2011-06-19 12:12 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{BDA60C25-42C9-4EC4-9957-33B1206E85A2}
2011-11-09 21:01 - 2011-11-09 21:03 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{C102085D-C45E-4EA1-B94A-70AD439FE9EA}
2011-10-12 11:33 - 2011-10-12 11:33 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CDD78E85-8B3D-43A0-B667-60152FD93FA4}
2011-12-16 07:45 - 2011-12-16 07:45 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{CEC7DA45-826C-4850-8A58-567EC29FC7D4}
2011-09-14 18:41 - 2011-09-14 18:41 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D161D418-F4E5-4391-A183-9A90BA48F3AD}
2011-06-24 11:21 - 2011-06-24 11:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D5119CE5-BDA0-4DDC-AAAF-21CCABC1C9DD}
2011-11-03 17:17 - 2011-11-03 17:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{D82FFAB7-3D57-49A8-8D08-5AFE6035D856}
2012-01-09 10:33 - 2012-01-09 10:34 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DAB70909-1C31-4C50-BA6D-8A1DBC16C007}
2011-06-11 16:02 - 2011-06-11 16:02 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DB4E76D0-D1A0-4DED-9618-FBC8D03F53C2}
2011-06-10 17:00 - 2011-06-10 17:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DC29E31A-B235-4BC6-A04B-0D1810A2B392}
2011-09-19 17:06 - 2011-09-19 17:06 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{DF19300C-A2C8-4C8B-AA5F-2FDEA33BA72A}
2011-10-10 21:01 - 2011-10-10 21:01 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E1D28314-940E-4F2E-950F-7B627D0F8245}
2011-06-23 15:59 - 2011-06-23 15:59 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E3048784-D47B-4F95-BCB2-17CAC094F43A}
2011-07-31 10:49 - 2011-07-31 10:49 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E467D0D2-A4F5-469E-A910-783FD1A073CE}
2011-12-04 15:38 - 2011-12-04 15:38 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{E58633B9-ACF2-4DF5-B796-C6E479EF246D}
2011-10-14 15:21 - 2011-10-14 15:21 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{EAD67AE9-0963-41F1-B934-5FB345612BE3}
2011-09-16 09:57 - 2011-09-16 09:57 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F3CC78FF-402B-4FF3-A996-24ED5C370D3F}
2011-06-24 11:17 - 2011-06-24 11:17 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{F5C3197E-C3C0-42C9-BE75-9A8896599CD3}
2011-12-17 10:16 - 2011-12-17 10:16 - 0000000 _____ () C:\Users\Günter Meier\AppData\Local\{FB2FD8B0-9BAB-4F35-9EE2-00E8FC1372C6}

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Günter Meier\ger21008.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-23 12:45

==================== Ende vom FRST.txt ============================
         
--- --- ---


Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Günter Meier (2015-10-25 13:39:20)
Gestartet von E:\winguenter\bin
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-10-24 08:10:48)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3597727890-3998022267-917300989-500 - Administrator - Disabled)
Gast (S-1-5-21-3597727890-3998022267-917300989-501 - Limited - Enabled)
Günter Meier (S-1-5-21-3597727890-3998022267-917300989-1000 - Administrator - Enabled) => C:\Users\Günter Meier
UpdatusUser (S-1-5-21-3597727890-3998022267-917300989-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}_Adobe Reader 9 - Deutsch) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Browser 7 der Telekom 39.0.15 (x86 de) (HKLM\...\Browser 7 der Telekom 39.0.15 (x86 de)) (Version: 39.0.15 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM\...\Browser7MaintenanceService) (Version: 33.1.17 - Deutsche Telekom AG)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MG8200 series Benutzerregistrierung (HKLM\...\Canon MG8200 series Benutzerregistrierung) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - )
Canon MG8200 series On-screen Manual (HKLM\...\Canon MG8200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CHIPDRIVE Smartcard Commander (HKLM\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version:  - SCM Microsystems)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
Duden Korrektor (HKLM\...\InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor (Version: 5.00.1507.00 - Duden) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
GEAR 32bit Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{9509674F-3972-11DE-806D-005056806466}) (Version: 5.0.11733.9347 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Herrnhuter Losungen (HKLM\...\{2DEEC41F-02B0-4BC4-819A-2355E8B1C398}) (Version: 3.4.0 - Evang. Brüderunität Herrnhut)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
LightScribe  1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XML Parser und SDK (HKLM\...\{35343FF7-939B-401A-87B3-FF90A5123D88}) (Version: 4.10.9404.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Bibel 12.07.02 (HKLM\...\OnlineBible) (Version:  - )
Online Bibel 12.07.02 (HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\OnlineBible) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.30 (HKLM\...\{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}) (Version: 3.30.0 - dotPDN LLC)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SCR3xx USB Smart Card Reader (HKLM\...\{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}) (Version: 8.18.0001 - SCM Microsystems)
simfy (HKLM\...\Simfy) (Version: 1.4.8 - simfy GmbH)
simfy (Version: 1.4.8 - simfy GmbH) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6140 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney (Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM\...\{BEA4756B-BD9D-49AA-9260-C496B3D8F8E1}) (Version: 10 - Star Finanz GmbH)
StarMoney 6.0 S-Edition (HKLM\...\{60459C52-DCD5-408F-925E-4AD20D9DAFD8}) (Version: 6.0 - StarFinanz GmbH)
StarMoney 9.0  (HKLM\...\{172EC92E-003F-47B8-8E38-00A3FD455467}) (Version:  - )
StarMoney 9.0  (HKLM\...\{2262CF96-D326-4926-885E-AA3B7E4E7368}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 3 (HKLM\...\TeamViewer 3) (Version:  - TeamViewer GmbH)
TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2C9357FA-97F8-4213-B712-A4CCF03AE379}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\AlexaWebSearch.dll (Bitmanagement)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{44EA0FF7-08B7-4B7F-A594-F7F94A2B60F7}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\GoogleSearch.dll (SpaceTime)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{5D052CD7-6CAE-463C-99FF-0159EABFE66E}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\SpaceTime3D.ocx (SpaceTime 3D, Inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{9919BE4D-9E6F-4732-9E4E-5F83ABB62FEB}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\wavdest.ax ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{B3C985DA-45C2-417D-B11B-6E6484A725F1}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\RSSSearch.dll (SpaceTime3D inc)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{BF9A5794-8AF5-46FA-8865-EAF65CD654A8}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CB27DAA3-E581-4777-A725-F32B47EDBDCF}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\Compass.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Windows\system32\config\systemprofile\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D6F407CF-E8AE-469D-9FC7-1DECAEDAAD9A}\InprocServer32 -> C:\Users\Günter Meier\AppData\Roaming\SpaceTime 3D for T-Online\SpaceTime\websearch.dll ()
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\googleearth.exe (Google)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597727890-3998022267-917300989-1000_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32 -> C:\Users\Günter Meier\AppData\Local\Google\Google Earth\earthps.dll ()

==================== Wiederherstellungspunkte =========================

08-10-2015 18:32:53 Windows Update
12-10-2015 16:32:09 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 16:33:54 Removed Adobe Reader XI (11.0.11) - Deutsch.
12-10-2015 16:35:46 Removed Adobe Reader XI (11.0.11) - Deutsch.
13-10-2015 13:07:29 Windows Update
13-10-2015 16:15:19 Removed simfy
14-10-2015 12:12:23 Wiederherstellungsvorgang
14-10-2015 12:30:34 Removed simfy
14-10-2015 13:16:04 Windows Update
14-10-2015 17:52:43 Windows Update
15-10-2015 16:56:52 Windows Update
17-10-2015 13:04:53 Wiederherstellungsvorgang
17-10-2015 15:24:23 Windows Update
23-10-2015 13:36:49 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 11:23 - 2015-10-22 11:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00D58F06-E0E1-4A74-9DCC-17ED108F0BEB} - System32\Tasks\{47C57D00-1548-4256-9285-CBEED6687977} => pcalua.exe -a H:\setup.exe -d H:\ -c autorun
Task: {0588BB0D-C82E-4CC1-92A1-4224DA648CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0E9F0C20-BCE3-499C-A966-F734C28C163E} - System32\Tasks\{8FE32562-C235-4FAB-9A6D-03D63CA7D940} => pcalua.exe -a C:\Windows\System32\config\systemprofile\Downloads\browser7_setup(1).exe -d C:\Windows\System32\config\systemprofile\Downloads
Task: {1104AA23-EFC9-449A-80B1-8D2AC7522A6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {14E7FE71-8001-4321-89D5-08F1290FB27F} - System32\Tasks\{CE475AAD-AFC9-42A3-9D97-A57126633DF0} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\aomwin200ea24.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F743136-E9A5-4E4F-93EA-600712E0DC7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {220210B8-C66A-44C3-9E69-2CC5ADC162CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597727890-3998022267-917300989-1000Core => C:\Users\Günter Meier\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2D80F328-4163-4F70-8A20-E3DA5EE5DC86} - System32\Tasks\{6B8F0279-9C50-4EDB-BFC5-881052B5558C} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {38E40A51-8080-4086-82A7-ADE3C56521D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3FD8EA5F-ED3E-4A8E-A9E8-17FED68D3BCF} - System32\Tasks\{D6456F15-B695-4531-A08C-703557131E8B} => pcalua.exe -a D:\smoney_m_18_0_01234567_0000011022_j_.exe -d D:\
Task: {4BA14185-3A0A-425D-B5F8-F67D75F2F8F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {4C2F9702-1EE5-473A-A1D7-6E20635A84B8} - System32\Tasks\{515B8E38-020F-42EF-BBA0-FF5772AA7ACE} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {4E109E6D-3616-4CCD-BE29-95646479A919} - System32\Tasks\{151811DA-8574-4F07-B4E3-BC0CC70C5210} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5DCBDA99-E748-4AB4-BEE6-ACD450989D75} - System32\Tasks\{D5DC5CA7-AF3F-444F-8CAE-BF2020269A3A} => pcalua.exe -a "C:\Program Files\Bible\OlbDel.Exe" -c "Online Bibel" "Online Bibel" "C:\Users\Günter Meier\Documents\Bible\" "C:\Users\Public\Documents\Online Bible\"
Task: {5E2CC2C0-064B-4059-B917-4D504F3AACD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63AE1EE3-64C8-48DE-9C54-45711309E921} - System32\Tasks\{9C90A1E7-FADF-400F-B72A-CBE75816D972} => pcalua.exe -a "C:\bibel digital\mfbo2a32.exe" -d C:\Windows\system32\config\systemprofile\Desktop
Task: {75D3157F-439F-4E84-924A-FA650AB4F69A} - System32\Tasks\{A7B6B988-1FC5-42A4-BD45-CD7EE5F1C1DA} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {848A33C2-A5F0-497A-B08C-EAC01706C1E8} - System32\Tasks\{A2D23527-3082-44BC-8390-0526D67B3D46} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {8B815B25-1B02-4957-A89E-2A3E1321533E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8E3BF495-571E-40DD-B913-C302BD618019} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {911023DE-5FF7-409F-A38A-476275210A5B} - System32\Tasks\{F5595CA3-EF8C-4FF9-9CC8-3F5BFDE3A806} => pcalua.exe -a I:\InstallTomTomHOME.exe -d I:\
Task: {96EDA8E3-5C17-4AF4-9537-3FF2530B08E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597727890-3998022267-917300989-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A61C90FA-B985-462E-A804-70558A90C134} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Günter Meier => C:\Program Files\Windows Calendar\WinCal.exe
Task: {A64AE6AE-1A92-403B-8196-EE4C17077740} - System32\Tasks\{88B1E977-17F5-4EAF-BA92-03B89D785644} => C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {CB0E91C7-DAEF-4541-8AF5-29BAFA96EBFD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {D2AE73FE-E2C5-431A-918B-F03363307423} - System32\Tasks\{A37709E2-5C8D-4187-ACBD-0664905177B7} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02\_ISDel.exe" -d "C:\Users\Günter Meier\Downloads\teledatX120\Konfig\V3_02_02"
Task: {D57B9C09-4511-4F89-93BE-71AF5F9DCACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DBCEE112-EA9A-4F16-9C36-EE9EF50D3571} - System32\Tasks\{6EA55286-8D0E-467A-9FB0-F5B315B5ABA8} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\wmp11-windowsxp-x86-DE-DE.exe" -d "C:\Users\Günter Meier\Downloads"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED4CB7E8-51FB-4A5C-B797-622CD46DAF23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FBB31E70-84F8-4478-8FCA-7B0A64BD4336} - System32\Tasks\{B09EF877-27B6-4235-882D-C184CF3EF917} => pcalua.exe -a "C:\Users\Günter Meier\Downloads\GER_R_FUL_AV.exe" -d "C:\Users\Günter Meier\Downloads"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-05-04 12:10 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-02-20 04:42 - 2015-02-20 04:42 - 00317560 ____N () C:\Program Files\Common Files\G DATA\AVKProxy\PktIcpt2.dll
2013-04-15 08:20 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Günter Meier\Documents\Fotovorlagen:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> amazon.de
IE trusted site: HKU\S-1-5-21-3597727890-3998022267-917300989-1000\...\amazon.de -> amazon.de


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3597727890-3998022267-917300989-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{DB1B0F8C-F8B0-4EDB-8050-9903D99C271E}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [TCP Query User{D2ED50E5-ECBA-4948-A737-CD574422ED83}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [UDP Query User{BC1B4E24-7EBD-4EC5-8594-55F8ACBD8274}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{040CD7D5-ECE8-49EE-8A50-977C4F681C43}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D6F4D7DB-4845-47F1-8E55-8DA46042BA13}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{C87F02C0-6E69-4D92-8920-9E65E63E4FAD}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{C7D6D316-A356-4310-AD6B-4981B9F8B777}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{DE344125-C3EF-4BAD-B2DA-A1599E5EB1BB}] => (Allow) svchost.exe
FirewallRules: [{A50D645D-011F-492D-BF38-EB7A6863AAFC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [UDP Query User{B8EF7B60-2422-4342-975E-B6A2067C6871}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [TCP Query User{ADEC9F8E-8625-48A4-8A60-2D04234396AE}C:\program files\icq6\icq.exe] => (Allow) C:\program files\icq6\icq.exe
FirewallRules: [{4FDB4FE1-D932-4439-B87F-6A438835C552}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1405F477-C137-4B8B-BACB-752782BF0BC4}] => (Allow) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6E52F4DD-1DB8-41B7-9EF9-C1720B1071EB}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{F450EACA-F7F1-4C16-A862-CF5650E61586}] => (Allow) C:\Program Files\StarMoney 7.0\app\StarMoney.exe
FirewallRules: [{61D8180E-69E0-44D0-9825-CC55CF9E77C6}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4A8ADBAB-8CB2-412F-9430-A58A7062D98A}] => (Allow) C:\Users\Günter Meier\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7ED9393A-D714-4C67-9066-BF5760279FD2}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{2B44D336-9058-41C8-A627-DC2FDDC1806E}] => (Allow) C:\Windows\Temp\IMInstaller\incredimail_installer.exe
FirewallRules: [{80368D74-E7DB-4F7D-9F02-FE106A76A00C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A79CA6CC-A682-419D-89DB-DAFEC93D724D}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{FA0986BF-4915-4DED-8AA2-F7586A6F7D5F}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B17CA17F-6034-4B49-8DB8-0FEADF7E93F0}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{AF7D77F4-EE2A-42EB-8D13-DE4BAA176B5C}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{8839229D-A821-4495-B79D-C6C553E3B29B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{AD490351-CD10-40EA-BEDE-0B79B2C331DC}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1D8D05B8-D46B-4950-A9EA-85D92F3AC71E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{426AFD31-A30C-4BF1-9A5A-F7DBC1566220}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5CC9264A-17A9-4A6D-9838-E6D64973F460}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA888CC4-0283-403E-AE44-9D88A46A0B0F}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{BCB71965-94DE-47A3-A9D1-C5C6D2D725D6}] => (Allow) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1861CF61-4EE2-419C-A3AC-45A526472F52}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{9B399FA5-CE50-4C73-9E33-32D5720D2CC2}] => (Allow) C:\Program Files\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{44117AEF-EC60-4924-8622-141C42DBFD8C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1B8582D3-9153-4A84-81D8-2E2FA904916A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6DC934A1-CABE-47C3-BBDB-E667D26D3764}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C5467E3-0AB4-4B05-BFC8-814A14D88C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E237F61-D6B4-483C-8DC3-5C4AAAC08574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{113776B5-2BE7-429B-81AD-DFA7850A78F3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{45F2DD33-BBFF-4866-B9F7-8717AF298B0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7936D596-1165-4FC0-9D83-E8E564CCA25E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE1557E-0267-4A9F-A333-F610BFFFF2BF}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{B72C2DE3-F7AA-4039-AEA3-8BB23726543C}] => (Allow) C:\Program Files\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{0499696A-7CFA-4E00-828B-6676988C9DDB}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{CA378E91-2269-4F8E-BACA-3192532B1733}] => (Allow) C:\Program Files\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4E1E623C-3507-4E41-9191-EF317A05B33E}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{1C0E5D20-0F39-4ED0-9D73-DF44A2AFC3A5}] => (Allow) C:\Program Files\StarMoney 10\app\StarMoney.exe
FirewallRules: [{D998154B-4F5B-4463-BCAC-F41B4C4A1B74}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{5F41C9C5-062A-4596-97B6-DFBBC6F0DC27}] => (Allow) C:\Program Files\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{7D72ECE0-A4AC-4AFD-ADFA-3227298E9BC1}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{603A4EB2-8FEA-47A0-BEBD-5A84320106B6}] => (Allow) C:\Program Files\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{BD375068-A645-4810-A32E-ABD60014A60E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{9FEE394B-0061-4D96-A2E2-76639C645CA1}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\PowerSuite.exe
FirewallRules: [{5DE97CF7-47B0-481A-97A9-687C8F0A499E}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{1414BB0A-2983-49C1-9CA9-D75704B9C143}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{88FA3FBE-7657-42DB-82D2-DED836237376}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{782E3989-2D24-41B6-BB25-C48C3B5A2CC2}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{61AEEFA5-E66E-410B-8EB3-C8D9EC32B8B4}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{9FD6D478-AA5F-4ACD-80D1-AEA25B738887}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{72A6D150-1990-4F46-A338-7AA7CC7D3EDC}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{E8ABAB9E-FE3C-41CF-9CEA-4ADBF486523C}] => (Allow) C:\Program Files\simplitec\simplitec Power Suite\ServiceProvider.exe
FirewallRules: [{45A8E5A0-73FA-4F10-9125-E9E8E5972ED0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/25/2015 09:54:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6700}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/22/2015 10:57:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x800706be).

Error: (10/18/2015 05:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Browser7.exe, Version: 39.0.3.5700, Zeitstempel: 0x55c88cd2
Name des fehlerhaften Moduls: xul.dll, Version: 39.0.3.5700, Zeitstempel: 0x55c88e9c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b1ba22
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xBrowser7.exe0
Pfad der fehlerhaften Anwendung: Browser7.exe1
Pfad des fehlerhaften Moduls: Browser7.exe2
Berichtskennung: Browser7.exe3

Error: (10/17/2015 04:32:25 PM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: Can not connect to Process Manager (0)

Error: (10/17/2015 02:47:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: GÜNTER-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6500}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/17/2015 01:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 01:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found

Error: (10/17/2015 01:00:47 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR Multistring not found: RegDefragNT.exe

Error: (10/17/2015 01:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR missing /Name: option

Error: (10/17/2015 01:00:22 PM) (Source: RegDefragTask) (EventID: 1001) (User: GÜNTER-PC)
Description: ERROR CFG File; none found


Systemfehler:
=============
Error: (10/25/2015 09:39:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

Error: (10/25/2015 09:39:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 10 OnlineUpdate erreicht.

Error: (10/23/2015 01:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

Error: (10/23/2015 01:48:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 10 OnlineUpdate erreicht.

Error: (10/23/2015 01:40:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (10/23/2015 01:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2015 01:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/23/2015 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RealNetworks Downloader Resolver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2015 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 2046.49 MB
Verfügbarer physikalischer RAM: 1039.98 MB
Summe virtueller Speicher: 4092.98 MB
Verfügbarer virtueller Speicher: 2547.81 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.67 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (KINGSTON) (Removable) (Total:58.58 GB) (Free:58.19 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7AFE7AF)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 58.6 GB) (Disk ID: C9D93779)
Partition 1: (Active) - (Size=58.6 GB) - (Type=0C)

==================== Ende vom Addition.txt ============================
         
Current state:

- the PDF problem still exists (truncated in Outlook, downloading with the browser does not work at all)
- the NSIS message is gone
- I noticed that when you open a new tab in FF, the ASK search appears; there is a plugin "Allin1Convert" that cannot be uninstalled but can be disabled, and then it is gone.



Regards,
Tom

Hi,

OK, I managed to fix the PDF problem myself: uninstalled "Browser7" and all the Adobe stuff, reinstalled FF and Acrobat Reader, and now it works again.

I still have the load, though: hxxp://i.imgur.com/MCb9dBi.png

And, more generally: what can you recommend that I could still do to secure the machine?

And one more question: I created a separate admin account and removed the admin rights from my father-in-law's user. The admin account works, but you can no longer get into his user account (as long as it has no admin rights), and there is no error message. Do you have any idea what that could be?

Thanks,
Tom

Last edited by tb87 (25.10.2015 at 17:18)

26.10.2015, 18:17   #12
schrauber
/// the machine
/// TB trainer



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe

C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll

C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll

C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe

C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe

C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




A fresh FRST log, please. What error message appears in the standard user account?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.10.2015, 19:38   #13
tb87



Hi,

Fixlog.txt:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Admin (2015-10-26 19:28:45) Run:1
Gestartet von C:\Temp
Geladene Profile: Admin (Verfügbare Profile: Günter Meier & UpdatusUser & Admin & Guenter)
Start-Modus: Normal

==============================================

fixlist Inhalt:
*****************
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe

C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll

C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll

C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe

C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe

C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe
Emptytemp:
         

*****************

C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\faq_8A71AEBB623B46A0B934103F1A762800.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe => erfolgreich verschoben
C:\Windows\Installer\{E0AF9F33-9868-447B-814D-AB76688FDC6F}\UninstallIcon.exe => erfolgreich verschoben
C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\8hffxtbr@download.allin1convert.com\plugins\NativeMessagingDispatcher.dll => erfolgreich verschoben
"C:\Windows\System32\config\systemprofile\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\h0o2lqy4.default\extensions\9tffxtbr@free.internetspeedtracker.com\plugins\NativeMessagingDispatcher.dll" => nicht gefunden.
"C:\Windows\System32\config\systemprofile\Downloads\routenplanung(1).exe" => nicht gefunden.
"C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe" => nicht gefunden.
"C:\Windows\System32\config\systemprofile\Downloads\slow-pcfighter_Web.exe" => nicht gefunden.
EmptyTemp: => 115.8 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende vom Fixlog 19:29:44 ====
         
Quote:
What error message appears in the standard user account?
None at all. Login, a brief flicker, then the login screen appears again. I have now created a new user and copied the files over from the old user. That works so far. You just have to set everything up again, but so be it.



Regards,
Tom
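
Added example (not part of the thread and not FRST's own code): a Python sketch that cross-checks a Fixlog.txt like the one posted above against the fixlist it echoes, so that entries which were moved, reported as not found, or never got a result line stand out. It assumes only the two German status strings visible in this log; the sample input is constructed and `reconcile` is a hypothetical helper name.

```python
import re

# Constructed sample in the layout of the German Fixlog.txt shown in this
# thread. Paths are shortened and one entry deliberately has no result line.
SAMPLE_FIXLOG = r"""Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:18-10-2015
durchgeführt von Admin (2015-10-26 19:28:45) Run:1

fixlist Inhalt:
*****************
C:\Windows\Installer\{GUID}\UninstallIcon.exe

C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe

C:\Example\never-processed.exe
Emptytemp:

*****************

C:\Windows\Installer\{GUID}\UninstallIcon.exe => erfolgreich verschoben
"C:\Windows\System32\config\systemprofile\Downloads\routenplanung.exe" => nicht gefunden.
EmptyTemp: => 115.8 MB temporäre Dateien entfernt.

==== Ende vom Fixlog 19:29:44 ====
"""

# Only the status strings that appear in the log on this page (assumption:
# anything else is reported verbatim under "other").
STATUS = {"erfolgreich verschoben": "moved", "nicht gefunden": "not_found"}
SEPARATOR = re.compile(r"^\*{5,}$")      # the asterisk rules around the fixlist
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # file entries start with a drive letter


def split_sections(text):
    """Return (requested fixlist entries, result lines) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if SEPARATOR.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist block delimiters not found")
    requested = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = [ln for ln in lines[marks[1] + 1:] if " => " in ln]
    return requested, results


def reconcile(text):
    """Match every fixlist entry to its result line and group by outcome."""
    requested, results = split_sections(text)
    outcome = {}
    for ln in results:
        target, _, status = ln.partition(" => ")
        # Windows paths are case-insensitive; "not found" lines are quoted.
        outcome[target.strip('"').lower()] = status.rstrip(".").strip()
    report = {"moved": [], "not_found": [], "other": [],
              "no_result": [], "directives": []}
    for item in requested:
        status = outcome.get(item.lower())
        if not DRIVE_PATH.match(item):
            report["directives"].append((item, status))  # e.g. Emptytemp:
        elif status is None:
            report["no_result"].append(item)
        elif status in STATUS:
            report[STATUS[status]].append(item)
        else:
            report["other"].append((item, status))
    return report


if __name__ == "__main__":
    for group, entries in reconcile(SAMPLE_FIXLOG).items():
        print(f"{group}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

Entries in `not_found` and `no_result` are the ones to look for again in the fresh scan log the helper asks for.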

27.10.2015, 19:32   #14
schrauber
/// the machine
/// TB trainer



Yes, then the account was broken. Any other problems?
__________________
Regards,
schrauber

28.10.2015, 09:57   #15
tb87



Yes, it probably was. It works with the new user. And who knows what else was messed up in that account, so that's fine.

No other problems, apart from the question I already asked, whether you can recommend anything on how I can better protect the box, etc.


Regards,
Tom
