Trojaner-Board - Wie entferne ich "Script.Adware.DealPly.G (Engine B)" unter Windows7?

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Wie entferne ich "Script.Adware.DealPly.G (Engine B)" unter Windows7? (https://www.trojaner-board.de/171583-entferne-script-adware-dealply-g-engine-b-windows7.html)

Thorsten_

28.09.2015 00:02

Wie entferne ich "Script.Adware.DealPly.G (Engine B)" unter Windows7?

Hallo Trojaner-Board Team,

seit längerer Zeit erhalte ich beim Gebrauch vom Internet Explorer (Version 11) die Meldung von G Data, dass "Script.Adware.DealPly.G (Engine B)" gefunden wurde.

Hier ist das Protokoll von G Data:

Code:

Virenprüfung von Web-Inhalten
 

Adresse:         hxxp://i.stegjs.info/steg/javascript.js?channel=ChipAdv241214

Junkware (PUP):         Script.Adware.DealPly.G (Engine B)

Status:         Der Zugriff wurde verweigert.

defogger_disable.log:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 22:32 on 27/09/2015 (Thorsten)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

HKCU:DAEMON Tools Lite -> Removed
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST.txt:

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01

durchgeführt von Thorsten (Administrator) auf THORSTEN-PC-SSD (27-09-2015 22:44:24)

Gestartet von C:\Users\Thorsten\Desktop

Geladene Profile: Thorsten (Verfügbare Profile: Thorsten)

Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)

Internet Explorer Version 11 (Standard-Browser: IE)

Start-Modus: Normal

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

(Dominik Reichl) F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe

(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe

(Marius Lutz) C:\Program Files (x86)\Shutdown7\Shutdown7.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe

(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

(Philips) C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe

() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe

(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Joyent, Inc) C:\Users\Thorsten\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe

() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe

(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe

(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-03-20] (Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [Wunderlist] => "C:\Program Files (x86)\Wunderlist2\Wunderlist.exe" /silent

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1963912 2015-07-23] (TomTom)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-29] (Google Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-05-07] (TrueCrypt Foundation)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KeePass Password Safe 2] => F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe [1764352 2011-07-12] (Dominik Reichl)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [228352 2015-09-09] (Fieldston Software)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [Shutdown] => C:\Program Files (x86)\Shutdown7\Shutdown7.exe [2276864 2014-09-28] (Marius Lutz)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6601224 2015-09-10] (Steganos Software GmbH)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\MountPoints2: {d7db8937-6a57-11e2-9779-005056c00008} - M:\pushinst.exe

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2012-07-18]

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips Configo.lnk [2012-05-18]

ShortcutTarget: Philips Configo.lnk -> C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe (Philips)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-08-22]

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{BBA20A84-353E-4C25-9B52-ABDD82773A58}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{CB18DCCC-3BA8-4717-AA5B-3B7174CBDBD4}: [DhcpNameServer] 192.168.178.1
 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-24] (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-24] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\S-1-5-21-1553145624-146524218-4249679610-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
 

FireFox:

========

FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297

FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-13] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-24] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-24] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF Extension: OkayFreedom - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-09-18]

FF Extension: Kein Name - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\extensions\ascsurfingprotection@iobit.com [nicht gefunden]
 

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [Datei ist nicht signiert]

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-07-10] () [Datei ist nicht signiert]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [345632 2015-09-10] (Steganos Software GmbH)

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)

R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [Datei ist nicht signiert]

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)

R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-17] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [Datei ist nicht signiert]

S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-08-11] (G Data Software AG)

R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-04-22] (G Data Software AG)

R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-22] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230912 2015-08-11] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [76288 2015-08-11] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65024 2015-08-11] (G Data Software AG)

S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)

R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-06-07] (G Data Software)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [125952 2015-08-11] (G Data Software AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat: Erstellte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-09-27 22:41 - 2015-09-27 22:44 - 00057590 _____ C:\Users\Thorsten\Desktop\Addition.txt

2015-09-27 22:40 - 2015-09-27 22:44 - 00024988 _____ C:\Users\Thorsten\Desktop\FRST.txt

2015-09-27 22:35 - 2015-09-27 22:44 - 00000000 ____D C:\FRST

2015-09-27 22:33 - 2015-09-27 22:33 - 02192384 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST64.exe

2015-09-27 22:32 - 2015-09-27 22:32 - 00000548 _____ C:\Users\Thorsten\Desktop\defogger_disable.log

2015-09-27 22:32 - 2015-09-27 22:32 - 00000168 _____ C:\Users\Thorsten\defogger_reenable

2015-09-27 22:29 - 2015-09-27 22:29 - 00050477 _____ C:\Users\Thorsten\Desktop\Defogger.exe

2015-09-27 21:32 - 2015-09-27 21:32 - 00003669 _____ C:\Users\Thorsten\Desktop\JRT.txt

2015-09-27 21:27 - 2015-09-22 19:06 - 01800512 _____ (Malwarebytes) C:\Users\Thorsten\Desktop\JRT.exe

2015-09-27 09:44 - 2015-09-27 21:36 - 00000022 _____ C:\Windows\S.dirmngr

2015-09-26 22:39 - 2015-09-26 22:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-26 22:38 - 2015-09-26 22:38 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-26 22:38 - 2015-09-26 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-26 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-09-26 22:38 - 2015-09-26 22:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-09-18 21:12 - 2015-09-18 21:12 - 00001129 _____ C:\Users\Public\Desktop\OkayFreedom.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iPod

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-09-17 23:49 - 2015-09-17 23:49 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FreeOCR

2015-09-17 23:44 - 2015-09-17 23:44 - 00002596 _____ C:\Users\Thorsten\AppData\Local\recently-used.xbel

2015-09-17 23:33 - 2015-09-17 23:46 - 00000000 ____D C:\FreeOCR

2015-09-17 23:33 - 2015-09-17 23:33 - 00000590 _____ C:\Users\Thorsten\Desktop\FreeOCR.lnk

2015-09-17 23:33 - 2015-09-17 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR

2015-09-17 23:33 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx

2015-09-15 08:21 - 2015-09-15 08:21 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\PC-FAX TX

2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Windows\rescache

2015-09-09 09:54 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-09 09:54 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-09-09 09:54 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-09 09:54 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2015-09-09 09:53 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-09 09:53 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-09-09 09:53 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-09 09:53 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-09-09 09:53 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-09-09 09:53 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-09-09 09:53 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-09-09 09:53 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-09-09 09:53 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-09 09:53 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-09 09:53 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-09-09 09:53 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-09-09 09:50 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 09:50 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 09:50 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-09-09 09:50 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-09-09 09:50 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-09-09 09:50 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-09-09 09:50 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-09 09:50 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-09 09:50 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-09 09:50 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-09-09 09:50 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-09 09:50 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-09-09 09:50 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-09-09 09:50 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-09-09 09:50 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-09-09 09:50 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-09-09 09:50 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-09-09 09:50 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-09-09 09:50 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-09 09:50 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-09-09 09:50 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-09-09 09:50 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-09-09 09:50 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-09-09 09:50 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-09-09 09:50 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-09-04 17:34 - 2015-09-04 17:44 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00001072 _____ C:\Users\Thorsten\Desktop\tiptoi.lnk

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\ProgramData\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi

2015-08-28 22:59 - 2015-08-28 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-08-28 22:59 - 2015-08-28 22:59 - 00000000 ____D C:\Program Files (x86)\QuickTime
 

==================== Ein Monat: Geänderte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-09-27 22:37 - 2013-02-03 00:21 - 00000000 ____D C:\Users\Thorsten\AppData\Local\2CC90263-1882-4F5C-8A1C-98D4D2B885D0.aplzod

2015-09-27 22:37 - 2012-05-02 18:02 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gSyncit

2015-09-27 22:32 - 2012-04-27 23:43 - 00000000 ____D C:\Users\Thorsten

2015-09-27 21:58 - 2015-08-25 21:47 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gnupg

2015-09-27 21:58 - 2012-04-29 22:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-09-27 21:57 - 2012-04-29 21:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-09-27 21:43 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-09-27 21:43 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-27 21:40 - 2011-04-12 09:43 - 00702116 _____ C:\Windows\system32\perfh007.dat

2015-09-27 21:40 - 2011-04-12 09:43 - 00150782 _____ C:\Windows\system32\perfc007.dat

2015-09-27 21:40 - 2009-07-14 07:13 - 01628866 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-27 21:39 - 2012-04-27 23:43 - 01682015 _____ C:\Windows\WindowsUpdate.log

2015-09-27 21:37 - 2014-12-26 11:33 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Steganos VPN

2015-09-27 21:36 - 2012-07-14 21:35 - 00000000 ____D C:\ProgramData\VMware

2015-09-27 21:36 - 2012-04-29 22:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-09-27 21:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-27 21:35 - 2014-09-08 08:05 - 00037581 _____ C:\Windows\setupact.log

2015-09-27 21:30 - 2013-12-11 16:45 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\IObit

2015-09-27 21:19 - 2014-09-08 08:05 - 00012344 _____ C:\Windows\PFRO.log

2015-09-27 21:18 - 2014-10-28 22:24 - 00000000 ____D C:\AdwCleaner

2015-09-27 09:44 - 2012-06-24 21:39 - 00000000 ____D C:\Windows\Downloaded Installations

2015-09-25 22:58 - 2015-01-15 23:34 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Wunderlist

2015-09-24 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-09-24 18:47 - 2014-10-04 00:45 - 00000034 _____ C:\Windows\SysWOW64\BD8860DN.DAT

2015-09-24 18:47 - 2012-04-29 21:36 - 00000432 _____ C:\Windows\BRWMARK.INI

2015-09-24 13:32 - 2012-04-29 00:28 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Google

2015-09-23 23:28 - 2012-05-17 22:32 - 00019456 _____ C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-21 22:58 - 2012-04-29 21:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-09-21 22:58 - 2012-04-29 21:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-09-21 22:58 - 2012-04-29 21:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-09-21 22:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-20 21:27 - 2014-03-04 09:41 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FRITZ!

2015-09-18 21:12 - 2015-02-09 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom

2015-09-18 21:12 - 2014-12-26 11:33 - 00000000 ____D C:\Program Files (x86)\OkayFreedom

2015-09-18 08:46 - 2012-05-11 22:37 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-09-18 08:44 - 2014-01-24 23:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-09-17 23:45 - 2012-06-25 23:32 - 00000000 ____D C:\Users\Thorsten\.gimp-2.8

2015-09-15 08:22 - 2012-04-29 21:36 - 00000804 _____ C:\Windows\Brpfx04a.ini

2015-09-15 07:53 - 2012-04-29 22:04 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-15 07:53 - 2012-04-29 22:04 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-09 18:47 - 2009-07-14 06:45 - 00426288 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 18:46 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-09-09 10:29 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT

2015-09-09 10:29 - 2012-04-29 09:11 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-01 22:06 - 2012-05-05 13:34 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Apple
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 

2014-08-08 22:09 - 2014-08-08 22:09 - 0000000 _____ () C:\Users\Thorsten\AppData\Roaming\gdfw.log

2014-08-08 22:09 - 2014-08-08 22:09 - 0000779 _____ () C:\Users\Thorsten\AppData\Roaming\gdscan.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.Exception.log

2015-06-20 01:13 - 2015-06-20 01:13 - 0001153 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.DesktopHelper.Exception.log

2012-05-17 22:32 - 2015-09-23 23:28 - 0019456 _____ () C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-17 23:44 - 2015-09-17 23:44 - 0002596 _____ () C:\Users\Thorsten\AppData\Local\recently-used.xbel

2012-05-05 13:48 - 2012-05-05 13:48 - 0007666 _____ () C:\Users\Thorsten\AppData\Local\Resmon.ResmonCfg
 

Einige Dateien in TEMP:

====================

C:\Users\Thorsten\AppData\Local\Temp\AudibleDM_iTunesSetup.exe

C:\Users\Thorsten\AppData\Local\Temp\avgnt.exe

C:\Users\Thorsten\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe

C:\Users\Thorsten\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Thorsten\AppData\Local\Temp\NOSEventMessages.dll

C:\Users\Thorsten\AppData\Local\Temp\sqlite3.dll

C:\Users\Thorsten\AppData\Local\Temp\tiptoi-install.exe

C:\Users\Thorsten\AppData\Local\Temp\Wunderlist-Bridge.exe

C:\Users\Thorsten\AppData\Local\Temp\_is8E6D.exe
 
 

==================== Bamital & volsnap =================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

C:\Windows\system32\winlogon.exe => Datei ist digital signiert

C:\Windows\system32\wininit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert

C:\Windows\explorer.exe => Datei ist digital signiert

C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert

C:\Windows\system32\svchost.exe => Datei ist digital signiert

C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert

C:\Windows\system32\services.exe => Datei ist digital signiert

C:\Windows\system32\User32.dll => Datei ist digital signiert

C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert

C:\Windows\system32\userinit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert

C:\Windows\system32\rpcss.dll => Datei ist digital signiert

C:\Windows\system32\dnsapi.dll => Datei ist digital signiert

C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert

C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 

LastRegBack: 2015-09-21 23:13
 

==================== Ende von FRST.txt ============================

Ich poste weitere Logs in weiteren Beiträgen (Addition.txt und Gmer.txt), da sie sonst zu lang sind für diesen Beitrag. Das mache ich dann aber erst, nachdem ihr euch gemeldet habt, damit mein Thema nicht als "In Bearbeitung" angesehen wird :-). Ich hoffe, das habe ich so richtig verstanden.

Meine Anfrage ist nicht dringend, da ich annehme und hoffe, dass dies keine ernsthafte Bedrohung für meinen PC darsteht. Allerdings möchte ich auch einen sauberen PC haben und würde mich über Hilfe sehr freuen. Vielen Dank.

Viele Grüße,
Thorsten

schrauber

28.09.2015 07:23

Hi,

bitte poste den Rest :)

Thorsten_

28.09.2015 07:34

Hallo Schrauber,

hier ist zunächst "Addition.txt":

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01

durchgeführt von Thorsten (2015-09-27 22:44:55)

Gestartet von C:\Users\Thorsten\Desktop

Windows 7 Professional Service Pack 1 (X64) (2012-04-27 21:43:28)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 

Administrator (S-1-5-21-1553145624-146524218-4249679610-500 - Administrator - Disabled)

Gast (S-1-5-21-1553145624-146524218-4249679610-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1553145624-146524218-4249679610-1002 - Limited - Enabled)

Thorsten (S-1-5-21-1553145624-146524218-4249679610-1001 - Administrator - Enabled) => C:\Users\Thorsten
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}

AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)

AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)

Angry Birds (HKLM-x32\...\{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}) (Version: 1.5.3 - Rovio)

Ankh (HKLM-x32\...\Ankh) (Version:  - )

Apple Application Support (32-Bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Areca (HKLM-x32\...\Areca) (Version:  - )

Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)

Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)

AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother MFL-Pro Suite MFC-8860DN (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)

Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)

Bullzip PDF Printer 8.2.0.1406 (HKLM\...\Bullzip PDF Printer_is1) (Version: 8.2.0.1406 - Bullzip)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)

Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.6 (HKLM-x32\...\DPP) (Version: 3.6.0.0 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.5.0.0 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.1.8 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)

CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )

Configo (HKLM-x32\...\{9DDF445F-D818-4280-B182-41FAC10DB715}) (Version: 2.1.7.0 - Philips)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.)

CyberLink PowerDirector 10 (Version: 10.0.0.2231 - CyberLink Corp.) Hidden

CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)

DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)

elmeg Phone WIN-Tools V7.63 Beta 2 (HKLM-x32\...\InstallShield_{7CE806D5-C3E4-43C0-94B9-A6C88E7CA28A}) (Version: 7.63.0002 - Funkwerk Enterprise Communications GmbH)

elmeg Phone WIN-Tools V7.63 Beta 2 (Version: 7.63.0002 - Funkwerk Enterprise Communications GmbH) Hidden

ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)

Free Video Editor version 1.4.0.530 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.0.530 - DVDVideoSoft Ltd.)

FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)

FreeFileSync 6.8 (HKLM-x32\...\FreeFileSync) (Version: 6.8 - Zenju)

FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )

funkwerk WINUSB Driver V1.01 (HKLM\...\{BB649458-6732-4EE6-A7CC-A303677968FD}) (Version: 1.01.0000 - Funkwerk Enterprise Communications GmbH)

G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.8 - G DATA Software AG)

GetFoldersize 2.5.24 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.24 - Michael Thummerer Software Design)

Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)

GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Gpg4win (2.2.5) (HKLM-x32\...\GPG4Win) (Version: 2.2.5 - The Gpg4win Project)

Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4) (Version:  - )

Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4) (Version:  - )

gSyncit (HKLM-x32\...\{97812291-FDA2-4654-BADE-60891483B4EF}) (Version: 4.1.40 - Fieldston Software)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )

HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH)

iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)

ImageMate 6 in 1 Read/Writer (HKLM-x32\...\{59719F49-219A-4C02-904A-BF18E1956419}) (Version:  - )

iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)

Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Joe (HKLM-x32\...\{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}) (Version: 3.08.0100 - Wirth IT Design)

Kaminfeuer Comprehensive Edition 1080 (HKLM-x32\...\ST5UNST #1) (Version:  - )

KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)

Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version:  - )

MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)

MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}) (Version: 4.3.2.0 - MAGIX Software GmbH)

MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden

MAGIX Music Maker 2013 (HKLM-x32\...\MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}) (Version: 19.0.7.67 - MAGIX Software GmbH)

MAGIX Music Maker 2013 (Version: 19.0.7.67 - MAGIX Software GmbH) Hidden

MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden

Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

Mediaport (HKLM-x32\...\Mediaport) (Version:  - )

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)

NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)

Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)

Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)

Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden

OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.6.2 - Steganos Software GmbH)

OpenVPN 2.3.2-I003  (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )

PaperPort (HKLM-x32\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)

PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden

Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)

Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)

Shutdown7 Version 2.1.2 (HKLM-x32\...\{37D95233-83D5-4511-8FFA-E6110FBB1F3E}_is1) (Version: 2.1.2 - Marius Lutz)

Siggi Blitz Vorschule 1 (HKLM-x32\...\Siggi Blitz Vorschule 1_is1) (Version:  - Paletti)

SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden

STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version:  - STRATO AG)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

Task Coach 1.3.38 (HKLM-x32\...\Task Coach_is1) (Version:  - Frank Niessink, Jerome Laheurte, and Aaron Wolf)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)

Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)

VMware Player (x32 Version: 4.0.4.30409 - VMware, Inc.) Hidden

WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)

WD Quick View (HKLM-x32\...\{948427A9-EC32-47A3-AA32-3C9EBA7C7E5D}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{8A7B24E8-864E-4794-95C4-17644D0991AA}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows-Treiberpaket - Funkwerk (WinUSB) MyDeviceClass  (11/15/2010 1.0.0.2) (HKLM\...\71B1F586AD0C9816250D297A4E45C51B92B20C83) (Version: 11/15/2010 1.0.0.2 - Funkwerk)

Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{7A619227-116C-4B0F-97CE-B34E53D4E0BB}) (Version: 21.00.8480 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{FFF441EC-44A8-48D0-8B02-731FC7175305}) (Version: 22.00.8811 - Buhl Data Service GmbH)

Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)

XMedia Recode Version 3.2.3.3 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.3.3 - XMedia Recode)
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Wiederherstellungspunkte =========================
 

27-09-2015 21:28:07 JRT Pre-Junkware Removal
 

==================== Hosts Inhalt: ===============================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {03601431-604F-42C6-8511-403DC502EA31} - System32\Tasks\Areca Backup monatlich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_28_days.bat [2014-10-23] ()

Task: {0F0A1301-B3E1-429C-921E-0D0B45DA8A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {18280E33-486C-487B-8869-52A111BE1376} - System32\Tasks\Areca Backup täglich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_1_days.bat [2014-10-23] ()

Task: {25136AB6-61B4-4D76-9FA6-6F7502B2F20D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {3E74C2A3-0542-4279-BDA3-59BEF5E05108} - System32\Tasks\Areca Backup wöchentlich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_7_days.bat [2014-10-23] ()

Task: {4A2486D8-4B77-412A-9E92-205E7C3FE7DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {4C12C8F9-55FF-4AB7-8CC7-83769ECA3F07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {4CDF0708-F526-4315-AB20-80481252C396} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)

Task: {62871875-F7AE-4774-A475-098B90B397C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {7184E9AE-B01E-4582-8E63-5C9110F168C2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {82DE5D07-9962-401D-9866-53F04A1CC62B} - System32\Tasks\{FCF98728-23EA-47B7-85E4-20F7C0F4D4E9} => C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCD.exe

Task: {86EED966-CA97-4FA3-AD8A-1D465CEE2194} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {ADD511ED-2FC4-4900-AB0F-B172B6800413} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {AF20CA7C-EF74-497D-9EA2-8BF47C51EA59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {B6659BDA-0AA0-4CF2-B3A0-BAB83669679E} - System32\Tasks\{9051820C-5BAA-4C92-B9AB-339E430CB551} => pcalua.exe -a "C:\Program Files (x86)\ScanSoft\PaperPort\ptdntins.exe"

Task: {EDBC1990-8CD7-4D9D-8170-CEFFDE262409} - System32\Tasks\{C155EAD2-073D-46A6-834A-C74306E538F2} => pcalua.exe -a "C:\Users\Thorsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OV4JJIY\AudibleDM_iTunesSetup.exe" -d C:\Users\Thorsten\Desktop

Task: {F5A58AA2-9B47-46A4-86B8-44C3D1F7E8A5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 

2014-03-04 09:37 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll

2014-03-04 09:37 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-07-10 12:11 - 2015-07-10 12:11 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2012-05-17 11:18 - 2012-04-24 18:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2012-04-29 21:35 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll

2015-06-16 11:17 - 2015-06-16 11:17 - 00382584 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll

2011-07-31 18:39 - 2011-07-12 10:01 - 00307200 _____ () F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.XmlSerializers.dll

2013-11-25 18:12 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe

2013-04-17 15:09 - 2013-04-17 15:09 - 00635392 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe

2015-07-08 14:01 - 2015-07-08 14:01 - 04101632 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe

2015-07-10 11:57 - 2015-07-10 11:57 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2015-07-10 11:51 - 2015-07-10 11:51 - 00087040 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2015-07-10 11:43 - 2015-07-10 11:43 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2015-07-10 11:57 - 2015-07-10 11:57 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2015-07-10 11:59 - 2015-07-10 11:59 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll

2012-06-09 02:36 - 2012-06-09 02:36 - 01229464 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 08507384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02354168 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 01014776 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00364536 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02481144 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 01347064 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00206328 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02653176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00033272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00035832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00207352 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 11166712 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00276984 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll

2012-12-21 18:56 - 2012-12-21 18:56 - 00438264 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00446456 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00520696 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00720888 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll

2012-12-21 18:56 - 2012-12-21 18:56 - 00606200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00093176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll

2015-07-23 10:59 - 2015-07-23 10:59 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll

2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll

2015-05-30 22:34 - 2011-04-18 09:46 - 00285696 _____ () C:\Program Files (x86)\Shutdown7\WPFToolkit.Extended.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00088064 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtSolutions_SingleApplication-2.6.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00011362 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\mingwm10.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00043008 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\libgcc_s_dw2-1.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 02411520 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtCore4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 09489920 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtGui4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 01135616 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtNetwork4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00398336 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtXml4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00179712 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtSolutions_SOAP-2.7.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll

2013-11-25 18:10 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll

2013-04-29 12:22 - 2013-04-29 12:22 - 00247747 _____ () C:\Program Files (x86)\GNU\GnuPG\libexpat.dll

2015-07-08 14:01 - 2015-07-08 14:01 - 01955840 _____ () C:\Program Files (x86)\GNU\GnuPG\libkleo.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 03361280 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\libkdecore.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00039936 _____ () C:\Program Files (x86)\GNU\GnuPG\libkdewin.dll

2015-07-08 15:10 - 2015-07-08 15:10 - 00038912 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcc_s_sjlj-1.dll

2013-04-17 15:09 - 2013-04-17 15:09 - 00507904 _____ () C:\Program Files (x86)\GNU\GnuPG\libdbus-1.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 04033024 _____ () C:\Program Files (x86)\GNU\GnuPG\libkdeui.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00949760 _____ () C:\Program Files (x86)\GNU\GnuPG\libattica.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00258560 _____ () C:\Program Files (x86)\GNU\GnuPG\libdbusmenu-qt.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00858112 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpgme++.dll

2015-07-10 12:35 - 2015-07-10 12:35 - 00260608 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpgme-11.dll

2014-12-16 17:35 - 2014-12-16 17:35 - 00075692 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\libassuan-0.dll

2014-12-16 17:31 - 2014-12-16 17:31 - 00079589 _____ () C:\Program Files (x86)\GNU\GnuPG\bin\libgpg-error-0.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00072704 _____ () C:\Program Files (x86)\GNU\GnuPG\libqgpgme.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00294400 _____ () C:\Program Files (x86)\GNU\GnuPG\libkcmutils.dll

2015-07-08 14:00 - 2015-07-08 14:00 - 00603136 _____ () C:\Program Files (x86)\GNU\GnuPG\libkmime.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com

IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info

IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com

IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net

IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net

IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com

IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com

IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com

IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz

IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
 

Da befinden sich 4788 mehr eingeschränkte Seiten.
 

==================== Andere Bereiche ============================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall ist deaktiviert.
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{786F2C49-A09E-4BAA-A02F-F42E53A75627}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{229E1F92-A8DC-4B5C-AAD4-A22584BA912F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{F64B86A4-C359-480A-BA9E-4707C54FBCB6}] => (Allow) LPort=54925

FirewallRules: [{4F20E569-DBBE-4CD8-A83C-A54F9145C325}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{5B2ACB7F-D6A7-4424-875C-B6525136ED84}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{D0E87458-DCC1-4CE8-80BD-45C240AE9525}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [{10A8E631-2B29-4EC5-898E-7754962699C4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [TCP Query User{785794A0-0720-4EFA-B2A0-47810EB921D7}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [UDP Query User{193D045D-0530-48DA-BEA3-566EA6EC3663}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [{26055A18-230C-4873-98EC-C081614A16A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{8172ECB3-D45B-4A53-8B37-E77ABC8EA2BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1DAB8DFD-332A-4277-9F11-EF8297343F04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8B36766C-B8EB-4D5A-94EC-3B3F4F21F6F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{BB41935E-6C0D-4F1B-9216-57B9D09E30E4}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{93EAE340-B1B9-4297-ADEB-16BA6C4E5889}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{C95642E6-5E90-41D3-9BAC-EC48F5BDEC3E}] => (Allow) LPort=2869

FirewallRules: [{9165F8DE-2173-43ED-8D05-A9DF9A50DB1A}] => (Allow) LPort=1900

FirewallRules: [{B048EA78-B549-42B0-81CD-6A3353025963}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{A5C401FD-3144-46A8-9334-123FDF22CB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{62E850E4-4077-4186-BD3E-02DA13B94D37}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe

FirewallRules: [{8F4321AE-EB5C-42DF-9C9A-F50A4B1EAC21}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

FirewallRules: [{95F629B1-67CE-473A-B276-5DC56B9FB10B}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe

FirewallRules: [{39DEFA3C-C433-47FE-8117-16ECC040ABD2}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

FirewallRules: [{94847366-37EA-44A1-B1A0-0785A1E13CCD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{1C003368-3A32-432E-92C2-AC283616F176}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [TCP Query User{02DF6646-4F32-4FDB-8B41-E112952F2C3B}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [UDP Query User{21041C26-C6B7-4419-88D6-32097132D404}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [{B45459F5-71E6-41F2-92C5-5B19E265D008}] => (Block) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [{8B276753-F802-4D1A-A285-E4375C5F9FE8}] => (Block) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [TCP Query User{789C4396-8391-4A54-9938-AFF152DEDA91}C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp] => (Allow) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [UDP Query User{70A7036D-C223-4AAA-9E81-58DFCAF7CC9D}C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp] => (Allow) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [{5D8B56C0-E491-4F98-9697-269CC000A430}] => (Block) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [{5DFB3188-9CB0-4A3B-A2F8-BA3DAD4444C2}] => (Block) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [TCP Query User{AB63F857-1C8A-466E-8F65-F748914163E7}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [UDP Query User{EC91B8B9-919D-4E49-A088-7FA4FEA51DE3}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{FC39D6BA-19A0-4B88-8402-EFE560075D54}] => (Block) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{9FD9E172-F7BC-4615-A637-373F54A32693}] => (Block) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{0617755E-D8C4-4F4C-9597-8F537E595433}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{96B08EAB-1B54-4EC7-9D1A-9D8B999EE81B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{F5B095D5-77FA-4965-B18A-BF35E17D87A3}] => (Allow) LPort=54925

FirewallRules: [{5D290E12-D126-42FC-B2CD-848554077966}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{301B9949-41DE-490E-9ED3-4BAC1DD2C744}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{AB25209A-63BB-4DFA-A968-EB68D9A7B44C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{78758E49-E6E2-417A-BCCC-E6A353D4679D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{FF6900D8-79A4-419A-9BA7-C75EA0F0F502}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{3B8BA473-E80B-4FD4-A3B7-B413E50B5E21}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{C6233F94-1062-430F-895A-5CA18DEEF678}] => (Allow) LPort=4481

FirewallRules: [{570512E3-84BB-4508-B778-E1505D2F065C}] => (Allow) LPort=4481

FirewallRules: [{EDBB8581-F206-4A42-9904-F58A0AC486F8}] => (Allow) LPort=4482

FirewallRules: [{6ABF50B2-08F5-4E67-B061-177A41E77D26}] => (Allow) LPort=4482

FirewallRules: [{0157406D-42A6-4909-875D-AA6CB4DE38A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D7324AEC-24F1-4651-8DA7-DA138E370187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5A32BF07-57E0-4A22-9F1C-D646B5A6A322}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F001E7B5-A5A1-4257-AFDF-1B731C467881}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B8FE8193-13D4-490C-ABA2-65C67B4712D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{8F5FB7E4-0FD2-4156-839C-DF4CDCE7D2C1}] => (Allow) C:\Users\Thorsten\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe
 

==================== Fehlerhafte Geräte im Gerätemanager =============
 
 

==================== Fehlereinträge in der Ereignisanzeige: =========================
 

Applikationsfehler:

==================

Error: (09/27/2015 09:37:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/27/2015 09:21:38 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/27/2015 10:15:58 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (09/27/2015 09:46:04 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/26/2015 10:01:43 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/26/2015 08:13:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/25/2015 09:09:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (09/25/2015 08:51:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/24/2015 06:48:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (09/24/2015 05:58:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 
 

Systemfehler:

=============

Error: (09/27/2015 09:36:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (09/27/2015 09:36:00 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.
 

Error: (09/27/2015 09:35:56 PM) (Source: amdkmdag) (EventID: 10270) (User: )

Description: EDID contain an error in the RangeLimit field
 

Error: (09/27/2015 09:29:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (09/27/2015 09:29:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (09/27/2015 09:29:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (09/27/2015 09:29:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (09/27/2015 09:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (09/27/2015 09:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Blackberry Device Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (09/27/2015 09:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 

CodeIntegrity:

===================================

  Date: 2015-09-24 18:47:54.759

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 17:53:42.967

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 17:41:33.107

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 13:28:05.872

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 22:16:02.085

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 13:26:08.216

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 10:04:44.647

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 09:58:39.816

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 09:48:47.762

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 09:37:58.623

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Speicherinformationen =========================== 
 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz

Prozentuale Nutzung des RAM: 34%

Installierter physikalischer RAM: 8190.49 MB

Verfügbarer physikalischer RAM: 5383.48 MB

Summe virtueller Speicher: 16379.19 MB

Verfügbarer virtueller Speicher: 13068.7 MB
 

==================== Laufwerke ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:2.57 GB) NTFS

Drive e: (Daten01) (Fixed) (Total:2794.39 GB) (Free:1783.16 GB) NTFS

Drive f: (Daten02) (Fixed) (Total:931.51 GB) (Free:685.56 GB) NTFS

Drive i: (LOTTA_DVD2) (CDROM) (Total:3.85 GB) (Free:0 GB) UDF
 

==================== MBR & Partitionstabelle ==================
 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0DF7472A)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 

Partition: GPT.
 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A22EF57C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 

==================== Ende von Addition.txt ============================

Grüße,
Thorsten

Thorsten_

28.09.2015 07:35

...und "Gmer.txt":

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2015-09-27 23:12:19

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-5 Corsair_Force_3_SSD rev.1.3.3 111,79GB

Running: Gmer-19357.exe; Driver: C:\Users\Thorsten\AppData\Local\Temp\pwxcrkob.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                  0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                    0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                  0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                  000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                     00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                              00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                     000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                              0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                    000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                         0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                  000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                    0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                       000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                    00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                  00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                              00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                              00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                   0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                     0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                   0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                   000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                               00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                               0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                     000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                   000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                     0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                     00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                   00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                               00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                               00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\WINDOWS\SYSWOW64\VMNAT.EXE[2768] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                                                                0000000070d613b0 2 bytes JMP 769a55a8 C:\Windows\syswow64\SHELL32.dll

.text  C:\WINDOWS\SYSWOW64\VMNAT.EXE[2768] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                                                               0000000070d613c0 2 bytes CALL 753a9cee C:\Windows\syswow64\msvcrt.dll

.text  ...                                                                                                                                                                      * 20

.text  C:\WINDOWS\SYSWOW64\VMNAT.EXE[2768] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                                                               0000000070d6153e 2 bytes CALL 76a37724 C:\Windows\syswow64\SHELL32.dll

.text  C:\WINDOWS\SYSWOW64\VMNAT.EXE[2768] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                                                               0000000070d61553 2 bytes CALL 75a910ff C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                               0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                 0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                               0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                               000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                           00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                           0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                 000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                      0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                               000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                 0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                    000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                 00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                               00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                           00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                           00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                             0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                               0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                             0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                             000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                         00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                         0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                               000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                    0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                             000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                               0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                  000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                               00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                             00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                         00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                         00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4692] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                               00000000779d000c 1 byte [C3]

.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4692] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                          0000000077a5fbaa 5 bytes JMP 0000000177a19c63

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                               0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                 0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                               0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                               000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\KERNEL32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                  00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                           00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                  000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                           0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                 000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                      0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                               000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                 0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                    000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                 00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                               00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                           00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                           00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                             00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                             000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                 0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                               000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe[4848] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1031\MSMAPI32.DLL!HrDispatchNotifications@4 + 112  0000000058721b80 4 bytes [68, 06, A3, C0]

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                   0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                     0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                   0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                   000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                               00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                               0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                     000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                   000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                     0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                     00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                   00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                               00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                               00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\kernel32.dll!FindResourceW                                                        0000000075a95911 5 bytes JMP 0000000100440980

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\kernel32.dll!FindResourceA                                                        0000000075aae97b 5 bytes JMP 0000000100440930

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\user32.DLL!LoadStringW                                                            0000000076418eb9 5 bytes JMP 0000000100440fd0

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\user32.DLL!LoadStringA                                                            000000007641db21 5 bytes JMP 0000000100441110

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\user32.DLL!LoadMenuW                                                              0000000076424391 5 bytes JMP 0000000100440b40

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\user32.DLL!LoadMenuA                                                              0000000076434eef 5 bytes JMP 0000000100440ad0

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\user32.DLL!CreateDialogParamA                                                     0000000076435246 5 bytes JMP 00000001004409d0

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\user32.DLL!CreateDialogParamW                                                     00000000764410dc 5 bytes JMP 0000000100440a50

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                               0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                 0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                               0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                               000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                           00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                           0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                 000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                      0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                               000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                 0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                    000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                 00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                               00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                           00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                           00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                         00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                         000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                             0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                           000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                          0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                            0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                          0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                          000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                             00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                      00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                             000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                      0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                            000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                 0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                          000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                            0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                               000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                            00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                          00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                      00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[7876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                      00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files\Internet Explorer\iexplore.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf + 207                                                                    000000007780fc5b 7 bytes JMP 0000000077a00097

.text  C:\Program Files\Internet Explorer\iexplore.exe[8972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterUmsSchedulingMode + 171                                                      00000000778bfc4b 7 bytes JMP 0000000077a00016

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\SysWOW64\ntdll.dll!RtlImageNtHeaderEx + 172                                                       00000000779ef569 7 bytes JMP 0000000077b60088

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\SysWOW64\ntdll.dll!RtlRemoveVectoredExceptionHandler + 572                                        0000000077a324bc 7 bytes JMP 0000000077b60008

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                         00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                         000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                             0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                           000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[9120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                         00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                         000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                             0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                           000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                       0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                         0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                       0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                       000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                          00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                   00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                          000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                   0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                         000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                              0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                       000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                         0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                            000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                         00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                       00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                   00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                   00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                         0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                           0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                         0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                         000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                            00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                     00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                            000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                     0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                           000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                         000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                           0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                              000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                           00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                         00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                     00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe[6792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                     00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\SysWOW64\ntdll.dll!RtlImageNtHeaderEx + 172                                                       00000000779ef569 7 bytes JMP 0000000077b60088

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\SysWOW64\ntdll.dll!RtlRemoveVectoredExceptionHandler + 572                                        0000000077a324bc 7 bytes JMP 0000000077b60008

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000076151401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000076151419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000076151431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      000000007615144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                                                      * 9

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                         00000000761514dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  00000000761514f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                         000000007615150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000076151525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        000000007615153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                             0000000076151555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      000000007615156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000076151585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                           000000007615159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        00000000761515b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      00000000761515cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  00000000761516b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  00000000761516bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll
 

---- EOF - GMER 2.1 ----

Grüße,
Thorsten

schrauber

28.09.2015 20:11

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Thorsten_

28.09.2015 22:36

Hallo Schrauber,

hier die ComboFix.txt. Ich habe ComboFix 2 x ausgeführt. Beim ersten Mal war der Windows Defender noch aktiv. Nachher ist mir dann aufgefallen, dass ich ja damit die erste Logdatei überschrieben habe. Beim ersten Mal wurden 3 Dateien gelöscht: Eine Datei von Kies (Samsung), eine von Windows SysWow... (?) und an die dritte kann ich mich nicht erinnern.

Code:

ComboFix 15-09-25.01 - Thorsten 28.09.2015  23:00:44.3.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8190.6314 [GMT 2:00]

ausgeführt von:: c:\users\Thorsten\Desktop\ComboFix.exe

AV: G DATA INTERNET SECURITY *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}

FW: G*DATA Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

SP: G DATA INTERNET SECURITY *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-08-28 bis 2015-09-28  ))))))))))))))))))))))))))))))

.

.

2015-09-28 21:07 . 2015-09-28 21:07        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-09-27 20:35 . 2015-09-27 20:45        --------        d-----w-        C:\FRST

2015-09-26 20:39 . 2015-09-26 20:42        113880        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-09-26 20:38 . 2015-09-26 20:38        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2015-09-26 20:38 . 2015-09-26 20:38        --------        d-----w-        c:\programdata\Malwarebytes

2015-09-26 20:38 . 2015-06-18 06:41        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2015-09-26 20:38 . 2015-06-18 06:41        109272        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-09-26 20:38 . 2015-06-18 06:41        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2015-09-25 18:58 . 2015-08-31 22:45        11062400        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC4D12B8-41B4-417D-B5AA-F68AA8FB11A0}\mpengine.dll

2015-09-18 06:46 . 2015-09-18 06:46        --------        d-----w-        c:\program files\iPod

2015-09-18 06:46 . 2015-09-18 06:46        --------        d-----w-        c:\program files (x86)\iTunes

2015-09-18 06:46 . 2015-09-18 06:46        --------        d-----w-        c:\program files\iTunes

2015-09-18 06:44 . 2015-09-18 06:44        --------        d-----w-        c:\program files\Bonjour

2015-09-18 06:44 . 2015-09-18 06:44        --------        d-----w-        c:\program files (x86)\Bonjour

2015-09-18 06:44 . 2015-09-18 06:44        --------        d-----w-        c:\program files (x86)\Apple Software Update

2015-09-17 21:49 . 2015-09-17 21:49        --------        d-----w-        c:\users\Thorsten\AppData\Local\FreeOCR

2015-09-17 21:33 . 2007-03-10 08:11        2680320        ----a-w-        c:\windows\SysWow64\ImageEnXLibrary.ocx

2015-09-17 21:33 . 2015-09-17 21:46        --------        d-----w-        C:\FreeOCR

2015-09-15 06:21 . 2015-09-15 06:21        --------        d-----w-        c:\users\Thorsten\AppData\Roaming\PC-FAX TX

2015-09-09 17:27 . 2015-09-09 17:27        --------        d-----w-        c:\windows\rescache

2015-09-09 07:50 . 2015-07-23 00:06        5568960        ----a-w-        c:\windows\system32\ntoskrnl.exe

2015-09-04 15:34 . 2015-09-04 15:44        --------        d-----w-        c:\users\Thorsten\AppData\Roaming\RavensburgerTipToi

2015-09-04 15:34 . 2015-09-04 15:34        --------        d-----w-        c:\programdata\RavensburgerTipToi

2015-09-04 15:34 . 2015-09-04 15:34        --------        d-----w-        c:\program files (x86)\Ravensburger tiptoi

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-09-21 20:58 . 2012-04-29 19:49        780488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-09-21 20:58 . 2012-04-29 19:49        142536        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-08-26 16:37 . 2012-04-28 13:11        134753440        ----a-w-        c:\windows\system32\MRT.exe

2015-08-26 09:59 . 2015-06-05 07:09        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

2015-08-12 14:03 . 2015-08-12 14:03        96528        ----a-w-        c:\windows\system32\dns-sd.exe

2015-08-12 14:03 . 2015-08-12 14:03        86288        ----a-w-        c:\windows\system32\dnssd.dll

2015-08-12 14:03 . 2015-08-12 14:03        61712        ----a-w-        c:\windows\system32\jdns_sd.dll

2015-08-12 14:03 . 2015-08-12 14:03        213264        ----a-w-        c:\windows\system32\dnssdX.dll

2015-08-12 14:03 . 2015-08-12 14:03        84240        ----a-w-        c:\windows\SysWow64\dns-sd.exe

2015-08-12 14:03 . 2015-08-12 14:03        72976        ----a-w-        c:\windows\SysWow64\dnssd.dll

2015-08-12 14:03 . 2015-08-12 14:03        50960        ----a-w-        c:\windows\SysWow64\jdns_sd.dll

2015-08-12 14:03 . 2015-08-12 14:03        178960        ----a-w-        c:\windows\SysWow64\dnssdX.dll

2015-08-11 19:13 . 2014-08-08 20:10        76288        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys

2015-08-11 19:13 . 2014-08-08 20:09        65024        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys

2015-08-11 19:13 . 2014-08-08 20:09        230912        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys

2015-08-11 19:13 . 2014-08-08 20:09        158720        ----a-w-        c:\windows\system32\drivers\GDBehave.sys

2015-08-11 19:13 . 2014-08-08 20:09        125952        ----a-w-        c:\windows\system32\drivers\HookCentre.sys

2015-08-06 09:43 . 2015-08-06 09:43        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx

2015-08-06 09:43 . 2015-08-06 09:43        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts

2015-07-30 18:06 . 2015-08-11 19:13        1648128        ----a-w-        c:\windows\system32\DWrite.dll

2015-07-30 18:06 . 2015-08-11 19:13        1180160        ----a-w-        c:\windows\system32\FntCache.dll

2015-07-30 18:06 . 2015-08-11 19:13        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll

2015-07-30 17:57 . 2015-08-11 19:13        1251328        ----a-w-        c:\windows\SysWow64\DWrite.dll

2015-07-30 17:57 . 2015-08-11 19:13        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll

2015-07-30 13:13 . 2015-08-11 20:59        103120        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2015-07-30 13:13 . 2015-08-11 20:59        124624        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-07-28 20:09 . 2015-08-11 19:20        17344        ----a-w-        c:\windows\system32\CompatTelRunner.exe

2015-07-28 20:05 . 2015-08-11 19:20        774656        ----a-w-        c:\windows\system32\invagent.dll

2015-07-28 20:05 . 2015-08-11 19:20        743424        ----a-w-        c:\windows\system32\generaltel.dll

2015-07-28 20:05 . 2015-08-11 19:20        437760        ----a-w-        c:\windows\system32\devinv.dll

2015-07-28 20:05 . 2015-08-11 19:20        1116672        ----a-w-        c:\windows\system32\appraiser.dll

2015-07-28 20:05 . 2015-08-11 19:20        69120        ----a-w-        c:\windows\system32\acmigration.dll

2015-07-28 20:05 . 2015-08-11 19:20        227328        ----a-w-        c:\windows\system32\aepdu.dll

2015-07-28 19:55 . 2015-08-11 19:20        1148416        ----a-w-        c:\windows\system32\aeinv.dll

2015-07-22 17:53 . 2015-09-09 07:50        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2015-07-16 19:12 . 2015-08-11 19:19        856064        ----a-w-        c:\windows\SysWow64\rdvidcrl.dll

2015-07-16 19:12 . 2015-08-11 19:19        53248        ----a-w-        c:\windows\SysWow64\tsgqec.dll

2015-07-16 19:12 . 2015-08-11 19:19        6131200        ----a-w-        c:\windows\SysWow64\mstscax.dll

2015-07-16 19:11 . 2015-08-11 19:19        62976        ----a-w-        c:\windows\system32\tsgqec.dll

2015-07-16 19:11 . 2015-08-11 19:19        7077376        ----a-w-        c:\windows\system32\mstscax.dll

2015-07-16 19:11 . 2015-08-11 19:19        1057792        ----a-w-        c:\windows\system32\rdvidcrl.dll

2015-07-15 18:15 . 2015-08-11 19:19        94656        ----a-w-        c:\windows\system32\drivers\mountmgr.sys

2015-07-15 18:10 . 2015-08-11 19:19        1743360        ----a-w-        c:\windows\system32\sysmain.dll

2015-07-15 18:10 . 2015-08-11 19:19        11264        ----a-w-        c:\windows\system32\msmmsp.dll

2015-07-15 03:19 . 2015-08-11 19:18        52736        ----a-w-        c:\windows\system32\basesrv.dll

2015-07-11 13:15 . 2015-08-11 19:19        429568        ----a-w-        c:\windows\system32\wksprt.exe

2015-07-11 02:33 . 2015-07-11 02:33        4587520        ----a-w-        c:\windows\SysWow64\GPhotos.scr

2015-07-10 17:51 . 2015-08-11 19:13        14177280        ----a-w-        c:\windows\system32\shell32.dll

2015-07-09 17:57 . 2015-08-11 19:13        193536        ----a-w-        c:\windows\system32\notepad.exe

2015-07-09 17:57 . 2015-08-11 19:13        193536        ----a-w-        c:\windows\notepad.exe

2015-07-09 17:42 . 2015-08-11 19:13        179712        ----a-w-        c:\windows\SysWow64\notepad.exe

2015-07-04 18:07 . 2015-07-20 17:21        2087424        ----a-w-        c:\windows\system32\ole32.dll

2015-07-04 17:48 . 2015-07-20 17:21        1414656        ----a-w-        c:\windows\SysWow64\ole32.dll

2015-07-01 20:49 . 2015-08-11 19:13        260096        ----a-w-        c:\windows\system32\WebClnt.dll

2015-07-01 20:48 . 2015-08-11 19:13        102912        ----a-w-        c:\windows\system32\davclnt.dll

2015-07-01 20:30 . 2015-08-11 19:13        206848        ----a-w-        c:\windows\SysWow64\WebClnt.dll

2015-07-01 20:30 . 2015-08-11 19:13        82432        ----a-w-        c:\windows\SysWow64\davclnt.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]

"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" [2015-07-23 1963912]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-29 39408]

"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2014-05-07 1516496]

"KeePass Password Safe 2"="f:\eigene dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe" [2011-07-12 1764352]

"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2015-09-09 228352]

"Shutdown"="c:\program files (x86)\Shutdown7\Shutdown7.exe" [2014-09-28 2276864]

"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2015-04-26 1079592]

"OKAYFREEDOM_Agent"="c:\program files (x86)\OkayFreedom\OkayFreedomClient.exe" [2015-09-10 6601224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-09-15 60688]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\FRITZWLANMini.exe" [2012-08-21 933888]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]

"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-07-10 1694080]

"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-02-03 2092032]

"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2015-06-16 1864312]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]

Philips Configo.lnk - c:\program files (x86)\Philips\Configo\2.1.7.0\Configo.exe --daemon [2011-6-16 6338048]

WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2013-11-25 1427736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]

R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]

R3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb5.sys [x]

R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]

S2 AVKService;G DATA Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]

S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys;c:\windows\SYSNATIVE\drivers\DRHARD64.sys [x]

S2 DRHMSR64;DRHMSR64;c:\windows\system32\drivers\DRHMSR64.sys;c:\windows\SYSNATIVE\drivers\DRHMSR64.sys [x]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]

S2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;c:\program files (x86)\OkayFreedom\OkayFreedomService.exe;c:\program files (x86)\OkayFreedom\OkayFreedomService.exe [x]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]

S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe;c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]

S3 GDKBB;G Data GDKBB Driver;c:\windows\system32\drivers\GDKBB64.sys;c:\windows\SYSNATIVE\drivers\GDKBB64.sys [x]

S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2015-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 20:58]

.

2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-29 19:48]

.

2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-29 19:48]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-03-20 13667032]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-09-15 170256]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\

.

.

------- Dateityp-Verknüpfung -------

.

inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1

txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe

.

.

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_°\00\00°\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~°\00\00°\00\00\00\00t\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,3f,6d,b8,c4,5a,f6,4e,ba,2f,16,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,3f,6d,b8,c4,5a,f6,4e,ba,2f,16,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.19"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2015-09-28  23:09:48

ComboFix-quarantined-files.txt  2015-09-28 21:09

ComboFix2.txt  2015-09-28 20:40

.

Vor Suchlauf: 14 Verzeichnis(se), 11.667.394.560 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 12.322.070.528 Bytes frei

.

- - End Of File - - 7B0B583C7E842D35D1951E5D12DB5C06

8F558EB6672622401DA993E1E865C861

Gruß,
Thorsten

schrauber

29.09.2015 19:05

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Thorsten_

29.09.2015 22:50

Hallo Schrauber,

"mbam.txt":

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlaufdatum: 29.09.2015

Suchlaufzeit: 22:40

Protokolldatei: mbam.txt

Administrator: Ja
 

Version: 2.1.8.1057

Malware-Datenbank: v2015.09.29.06

Rootkit-Datenbank: v2015.09.22.01

Lizenz: Kostenlose Version

Malware-Schutz: Deaktiviert

Schutz vor bösartigen Websites: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Thorsten
 

Suchlauftyp: Bedrohungssuchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 421287

Abgelaufene Zeit: 17 Min., 33 Sek.
 

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(keine bösartigen Elemente erkannt)
 

Module: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsschlüssel: 0

(keine bösartigen Elemente erkannt)
 

Registrierungswerte: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsdaten: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 0

(keine bösartigen Elemente erkannt)
 

Dateien: 0

(keine bösartigen Elemente erkannt)
 

Physische Sektoren: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

"AdwCleaner[C4].txt":

Code:

# AdwCleaner v5.009 - Bericht erstellt am 29/09/2015 um 23:08:24

# Aktualisiert am 27/09/2015 von Xplode

# Datenbank : 2015-09-27.1 [Server]

# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)

# Benutzername : Thorsten - THORSTEN-PC-SSD

# Gestartet von : C:\Users\Thorsten\Desktop\AdwCleaner_5.009.exe

# Option : Löschen

# Unterstützung : hxxp://toolslib.net/forum
 

***** [ Dienste ] *****
 
 

***** [ Ordner ] *****
 

[-] Ordner Gelöscht : C:\ProgramData\Buhl Data Service GmbH
 

***** [ Dateien ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Geplante Tasks ] *****
 

[-] Task Gelöscht : Adobe Flash Player Updater
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Internetbrowser ] *****
 
 

*************************
 

:: Proxy Einstellungen zurückgesetzt

:: Winsock Einstellungen zurückgesetzt

:: Internet Explorer Richtlinien gelöscht

:: Chrome Richtlinien gelöscht
 

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [916 Bytes] ##########

"JRT.txt":

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.4 (09.28.2015:1)

OS: Windows 7 Professional x64

Ran by Thorsten on 29.09.2015 at 23:23:36,90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Tasks
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 29.09.2015 at 23:28:00,03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

...und die neue "FRST.txt":

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01

durchgeführt von Thorsten (Administrator) auf THORSTEN-PC-SSD (29-09-2015 23:37:56)

Gestartet von C:\Users\Thorsten\Desktop

Geladene Profile: Thorsten (Verfügbare Profile: Thorsten)

Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)

Internet Explorer Version 11 (Standard-Browser: IE)

Start-Modus: Normal

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe
 
 

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-03-20] (Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1963912 2015-07-23] (TomTom)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-29] (Google Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-05-07] (TrueCrypt Foundation)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KeePass Password Safe 2] => F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe [1764352 2011-07-12] (Dominik Reichl)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [228352 2015-09-09] (Fieldston Software)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [Shutdown] => C:\Program Files (x86)\Shutdown7\Shutdown7.exe [2276864 2014-09-28] (Marius Lutz)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6601224 2015-09-10] (Steganos Software GmbH)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2012-07-18]

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips Configo.lnk [2012-05-18]

ShortcutTarget: Philips Configo.lnk -> C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe (Philips)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-08-22]

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{BBA20A84-353E-4C25-9B52-ABDD82773A58}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{CB18DCCC-3BA8-4717-AA5B-3B7174CBDBD4}: [DhcpNameServer] 192.168.178.1
 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-24] (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-24] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\S-1-5-21-1553145624-146524218-4249679610-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
 

FireFox:

========

FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297

FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-13] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-24] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-24] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF Extension: OkayFreedom - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-09-18]

FF Extension: Kein Name - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\extensions\ascsurfingprotection@iobit.com [nicht gefunden]
 

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)

S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [Datei ist nicht signiert]

S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-07-10] () [Datei ist nicht signiert]

S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [345632 2015-09-10] (Steganos Software GmbH)

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)

S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

S2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)

S2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [Datei ist nicht signiert]

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)

R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-17] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [Datei ist nicht signiert]

S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-08-11] (G Data Software AG)

R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-04-22] (G Data Software AG)

R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-22] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230912 2015-08-11] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [76288 2015-08-11] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65024 2015-08-11] (G Data Software AG)

S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)

R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-06-07] (G Data Software)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [125952 2015-08-11] (G Data Software AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat: Erstellte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-09-29 23:37 - 2015-09-29 23:38 - 00020354 _____ C:\Users\Thorsten\Desktop\FRST.txt

2015-09-29 23:28 - 2015-09-29 23:28 - 00000834 _____ C:\Users\Thorsten\Desktop\JRT.txt

2015-09-29 23:12 - 2015-09-29 23:12 - 00000994 _____ C:\Users\Thorsten\Desktop\AdwCleaner[C4].txt

2015-09-29 23:10 - 2015-09-29 23:10 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2015-09-29 23:01 - 2015-09-29 23:01 - 01670656 _____ C:\Users\Thorsten\Desktop\AdwCleaner_5.009.exe

2015-09-29 22:59 - 2015-09-29 22:59 - 00001213 _____ C:\Users\Thorsten\Desktop\mbam.txt

2015-09-29 22:01 - 2015-09-29 22:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Thorsten\Desktop\mbam-setup-2.1.8.1057.exe

2015-09-29 21:53 - 2015-09-29 23:09 - 00000022 _____ C:\Windows\S.dirmngr

2015-09-28 23:09 - 2015-09-28 23:09 - 00029041 _____ C:\ComboFix.txt

2015-09-28 21:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2015-09-28 21:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2015-09-28 21:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2015-09-28 21:56 - 2015-09-28 23:09 - 00000000 ____D C:\Qoobox

2015-09-28 21:56 - 2015-09-28 22:39 - 00000000 ____D C:\Windows\erdnt

2015-09-28 21:51 - 2015-09-28 21:52 - 05636489 ____R (Swearware) C:\Users\Thorsten\Desktop\ComboFix.exe

2015-09-27 23:20 - 2015-09-27 23:20 - 00000202 _____ C:\Users\Thorsten\Desktop\G*DATA Protokoll ID 4133.txt

2015-09-27 23:12 - 2015-09-27 23:12 - 00084469 _____ C:\Users\Thorsten\Desktop\Gmer.txt

2015-09-27 22:55 - 2015-09-27 22:56 - 00380416 _____ C:\Users\Thorsten\Desktop\Gmer-19357.exe

2015-09-27 22:41 - 2015-09-27 22:45 - 00057589 _____ C:\Users\Thorsten\Desktop\Additionalt.txt

2015-09-27 22:40 - 2015-09-27 22:45 - 00065342 _____ C:\Users\Thorsten\Desktop\FRSTalt.txt

2015-09-27 22:35 - 2015-09-29 23:37 - 00000000 ____D C:\FRST

2015-09-27 22:33 - 2015-09-27 22:33 - 02192384 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST64.exe

2015-09-27 22:32 - 2015-09-27 22:32 - 00000548 _____ C:\Users\Thorsten\Desktop\defogger_disable.log

2015-09-27 22:32 - 2015-09-27 22:32 - 00000168 _____ C:\Users\Thorsten\defogger_reenable

2015-09-27 22:29 - 2015-09-27 22:29 - 00050477 _____ C:\Users\Thorsten\Desktop\Defogger.exe

2015-09-27 21:27 - 2015-09-22 19:06 - 01800512 _____ (Malwarebytes) C:\Users\Thorsten\Desktop\JRT.exe

2015-09-26 22:39 - 2015-09-29 22:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-26 22:38 - 2015-09-29 22:35 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-26 22:38 - 2015-09-29 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-29 22:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-26 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-09-26 22:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-09-18 21:12 - 2015-09-18 21:12 - 00001129 _____ C:\Users\Public\Desktop\OkayFreedom.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iPod

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-09-17 23:49 - 2015-09-17 23:49 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FreeOCR

2015-09-17 23:44 - 2015-09-17 23:44 - 00002596 _____ C:\Users\Thorsten\AppData\Local\recently-used.xbel

2015-09-17 23:33 - 2015-09-17 23:46 - 00000000 ____D C:\FreeOCR

2015-09-17 23:33 - 2015-09-17 23:33 - 00000590 _____ C:\Users\Thorsten\Desktop\FreeOCR.lnk

2015-09-17 23:33 - 2015-09-17 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR

2015-09-17 23:33 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx

2015-09-15 08:21 - 2015-09-15 08:21 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\PC-FAX TX

2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Windows\rescache

2015-09-09 09:54 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-09 09:54 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-09-09 09:54 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-09 09:54 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2015-09-09 09:53 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-09 09:53 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-09-09 09:53 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-09 09:53 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-09-09 09:53 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-09-09 09:53 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-09-09 09:53 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-09-09 09:53 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-09-09 09:53 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-09 09:53 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-09 09:53 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-09-09 09:53 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-09-09 09:50 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 09:50 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 09:50 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-09-09 09:50 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-09-09 09:50 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-09-09 09:50 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-09-09 09:50 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-09 09:50 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-09 09:50 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-09 09:50 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-09-09 09:50 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-09 09:50 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-09-09 09:50 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-09-09 09:50 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-09-09 09:50 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-09-09 09:50 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-09-09 09:50 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-09-09 09:50 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-09-09 09:50 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-09 09:50 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-09-09 09:50 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-09-09 09:50 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-09-09 09:50 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-09-09 09:50 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-09-09 09:50 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-09-04 17:34 - 2015-09-04 17:44 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00001072 _____ C:\Users\Thorsten\Desktop\tiptoi.lnk

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\ProgramData\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi
 

==================== Ein Monat: Geänderte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-09-29 23:17 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-09-29 23:17 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-29 23:14 - 2011-04-12 09:43 - 00702116 _____ C:\Windows\system32\perfh007.dat

2015-09-29 23:14 - 2011-04-12 09:43 - 00150782 _____ C:\Windows\system32\perfc007.dat

2015-09-29 23:14 - 2009-07-14 07:13 - 01628866 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-29 23:12 - 2012-04-27 23:43 - 01827203 _____ C:\Windows\WindowsUpdate.log

2015-09-29 23:10 - 2014-12-26 11:33 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Steganos VPN

2015-09-29 23:10 - 2012-04-29 22:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-09-29 23:09 - 2014-09-08 08:05 - 00038141 _____ C:\Windows\setupact.log

2015-09-29 23:09 - 2012-07-14 21:35 - 00000000 ____D C:\ProgramData\VMware

2015-09-29 23:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-29 23:08 - 2014-10-28 22:24 - 00000000 ____D C:\AdwCleaner

2015-09-29 22:58 - 2012-04-29 22:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-09-28 23:13 - 2014-09-08 08:05 - 00014000 _____ C:\Windows\PFRO.log

2015-09-28 23:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2015-09-28 22:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2015-09-28 22:05 - 2012-05-05 13:31 - 00000000 ____D C:\ProgramData\Temp

2015-09-28 10:27 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-09-28 10:26 - 2012-05-02 18:02 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gSyncit

2015-09-28 10:16 - 2015-08-25 21:47 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gnupg

2015-09-28 10:16 - 2013-02-03 00:21 - 00000000 ____D C:\Users\Thorsten\AppData\Local\2CC90263-1882-4F5C-8A1C-98D4D2B885D0.aplzod

2015-09-28 09:59 - 2014-10-04 00:45 - 00000034 _____ C:\Windows\SysWOW64\BD8860DN.DAT

2015-09-28 09:59 - 2012-04-29 21:36 - 00000432 _____ C:\Windows\BRWMARK.INI

2015-09-27 22:32 - 2012-04-27 23:43 - 00000000 ____D C:\Users\Thorsten

2015-09-27 21:30 - 2013-12-11 16:45 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\IObit

2015-09-27 09:44 - 2012-06-24 21:39 - 00000000 ____D C:\Windows\Downloaded Installations

2015-09-25 22:58 - 2015-01-15 23:34 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Wunderlist

2015-09-24 13:32 - 2012-04-29 00:28 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Google

2015-09-23 23:28 - 2012-05-17 22:32 - 00019456 _____ C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-21 22:58 - 2012-04-29 21:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-09-21 22:58 - 2012-04-29 21:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-09-21 22:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-20 21:27 - 2014-03-04 09:41 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FRITZ!

2015-09-18 21:12 - 2015-02-09 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom

2015-09-18 21:12 - 2014-12-26 11:33 - 00000000 ____D C:\Program Files (x86)\OkayFreedom

2015-09-18 08:46 - 2012-05-11 22:37 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-09-18 08:44 - 2014-01-24 23:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-09-17 23:45 - 2012-06-25 23:32 - 00000000 ____D C:\Users\Thorsten\.gimp-2.8

2015-09-15 08:22 - 2012-04-29 21:36 - 00000804 _____ C:\Windows\Brpfx04a.ini

2015-09-15 07:53 - 2012-04-29 22:04 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-15 07:53 - 2012-04-29 22:04 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-09 18:47 - 2009-07-14 06:45 - 00426288 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 18:46 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-09-09 10:29 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT

2015-09-09 10:29 - 2012-04-29 09:11 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-01 22:06 - 2012-05-05 13:34 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Apple
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 

2014-08-08 22:09 - 2014-08-08 22:09 - 0000000 _____ () C:\Users\Thorsten\AppData\Roaming\gdfw.log

2014-08-08 22:09 - 2014-08-08 22:09 - 0000779 _____ () C:\Users\Thorsten\AppData\Roaming\gdscan.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.Exception.log

2015-06-20 01:13 - 2015-06-20 01:13 - 0001153 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.DesktopHelper.Exception.log

2012-05-17 22:32 - 2015-09-23 23:28 - 0019456 _____ () C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-17 23:44 - 2015-09-17 23:44 - 0002596 _____ () C:\Users\Thorsten\AppData\Local\recently-used.xbel

2012-05-05 13:48 - 2012-05-05 13:48 - 0007666 _____ () C:\Users\Thorsten\AppData\Local\Resmon.ResmonCfg
 

Einige Dateien in TEMP:

====================

C:\Users\Thorsten\AppData\Local\Temp\NOSEventMessages.dll

C:\Users\Thorsten\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap =================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

C:\Windows\system32\winlogon.exe => Datei ist digital signiert

C:\Windows\system32\wininit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert

C:\Windows\explorer.exe => Datei ist digital signiert

C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert

C:\Windows\system32\svchost.exe => Datei ist digital signiert

C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert

C:\Windows\system32\services.exe => Datei ist digital signiert

C:\Windows\system32\User32.dll => Datei ist digital signiert

C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert

C:\Windows\system32\userinit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert

C:\Windows\system32\rpcss.dll => Datei ist digital signiert

C:\Windows\system32\dnsapi.dll => Datei ist digital signiert

C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert

C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 

LastRegBack: 2015-09-21 23:13
 

==================== Ende von FRST.txt ============================

Gruß,
Thorsten

Ach so, hatte ich ganz vergessen :-). Die Meldung von G Data kam nicht mehr nach Combofix.

schrauber

30.09.2015 19:35

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Thorsten_

02.10.2015 07:08

Hallo Schrauber, hier die ESET log Datei:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=0e71b7134356954d824413e2e3b1da6f

# end=init

# utc_time=2015-10-01 08:05:13

# local_time=2015-10-01 10:05:13 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

Update Finalize

Updated modules version: 26036

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=0e71b7134356954d824413e2e3b1da6f

# end=updated

# utc_time=2015-10-01 08:18:04

# local_time=2015-10-01 10:18:04 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=0e71b7134356954d824413e2e3b1da6f

# engine=26036

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-10-01 10:41:00

# local_time=2015-10-02 12:41:00 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='G DATA INTERNET SECURITY'

# compatibility_mode=4112 16777213 100 100 14496 19339264 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 182557 195369110 0 0

# scanned=881785

# found=7

# cleaned=0

# scan_time=8574

sh=1176305BF4CCF3EF786D3148569D342CFEE26BEB ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx.vir"

sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thorsten\AppData\Local\Babylon\Setup\BExternal.dll.vir"

sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thorsten\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"

sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thorsten\AppData\Local\Babylon\Setup\Setup.exe.vir"

sh=F24B0F26E05A72E7F43A1BA3C258F04750A5931F ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\Extensions\savingsslider@mybrowserbar.com\chrome\content\spigot.js.vir"

sh=023C71EA87DB7C032A736354D52EA1FFC02B2553 ft=1 fh=ef9908314b3d6e93 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="F:\Eigene Dateien\Thorsten\Install\Multimedia\Audiograbber\agsetup183se.exe"

sh=C2501DBCCB1A6CF87B72F459C198F9F28350B9DA ft=1 fh=bee377bc78651edd vn="Win32/HackTool.Wpakill.A Trojaner" ac=I fn="R:\Backup\Backup Cruzer Titanum 4GB\Data\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll"

Security check log Datei:

Code:

 Results of screen317's Security Check version 1.008  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

G DATA INTERNET SECURITY   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 JavaFX 2.1.1    

 Java 7 Update 71  

 Java version 32-bit out of Date! 

 Adobe Reader XI  

 Mozilla Firefox 27.0.1 Firefox out of Date!  
 ````````Process Check: objlist.exe by Laurent````````  

 G Data InternetSecurity Firewall GDFwSvcx64.exe 

 G Data InternetSecurity Firewall GDFirewallTray.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Die frische FRST:

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01

durchgeführt von Thorsten (Administrator) auf THORSTEN-PC-SSD (02-10-2015 08:06:45)

Gestartet von C:\Users\Thorsten\Desktop

Geladene Profile: Thorsten (Verfügbare Profile: Thorsten)

Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)

Internet Explorer Version 11 (Standard-Browser: IE)

Start-Modus: Normal

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe

(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

(Dominik Reichl) F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe

(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe

(Marius Lutz) C:\Program Files (x86)\Shutdown7\Shutdown7.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe

(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

(Philips) C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe

() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Joyent, Inc) C:\Users\Thorsten\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

() C:\Users\Thorsten\Desktop\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-03-20] (Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1963912 2015-07-23] (TomTom)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-29] (Google Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-05-07] (TrueCrypt Foundation)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KeePass Password Safe 2] => F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe [1764352 2011-07-12] (Dominik Reichl)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [228352 2015-09-09] (Fieldston Software)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [Shutdown] => C:\Program Files (x86)\Shutdown7\Shutdown7.exe [2276864 2014-09-28] (Marius Lutz)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6601224 2015-09-10] (Steganos Software GmbH)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2012-07-18]

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips Configo.lnk [2012-05-18]

ShortcutTarget: Philips Configo.lnk -> C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe (Philips)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-08-22]

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{BBA20A84-353E-4C25-9B52-ABDD82773A58}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{CB18DCCC-3BA8-4717-AA5B-3B7174CBDBD4}: [DhcpNameServer] 192.168.178.1
 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-24] (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-24] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\S-1-5-21-1553145624-146524218-4249679610-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
 

FireFox:

========

FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297

FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-13] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-24] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-24] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF Extension: OkayFreedom - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-09-18]

FF Extension: Kein Name - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\r28c51jj.default-1391730025297\extensions\ascsurfingprotection@iobit.com [nicht gefunden]
 

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [Datei ist nicht signiert]

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-07-10] () [Datei ist nicht signiert]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [345632 2015-09-10] (Steganos Software GmbH)

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)

R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [Datei ist nicht signiert]

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)

R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-17] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [Datei ist nicht signiert]

S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-08-11] (G Data Software AG)

R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-04-22] (G Data Software AG)

R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-22] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230912 2015-08-11] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [76288 2015-08-11] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65024 2015-08-11] (G Data Software AG)

S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)

R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-06-07] (G Data Software)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [125952 2015-08-11] (G Data Software AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat: Erstellte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-10-02 08:06 - 2015-10-02 08:06 - 00023772 _____ C:\Users\Thorsten\Desktop\FRST.txt

2015-10-02 07:57 - 2015-10-02 07:57 - 00852704 _____ C:\Users\Thorsten\Desktop\SecurityCheck.exe

2015-10-01 21:57 - 2015-10-01 21:57 - 02870984 _____ (ESET) C:\Users\Thorsten\Desktop\esetsmartinstaller_deu.exe

2015-10-01 20:39 - 2015-10-01 20:39 - 00000022 _____ C:\Windows\S.dirmngr

2015-09-29 23:38 - 2015-09-29 23:38 - 00047596 _____ C:\Users\Thorsten\Desktop\Additionalt2.txt

2015-09-29 23:37 - 2015-09-29 23:38 - 00061919 _____ C:\Users\Thorsten\Desktop\FRST 2.txt

2015-09-29 23:28 - 2015-09-29 23:28 - 00000834 _____ C:\Users\Thorsten\Desktop\JRT.txt

2015-09-29 23:12 - 2015-09-29 23:12 - 00000994 _____ C:\Users\Thorsten\Desktop\AdwCleaner[C4].txt

2015-09-29 23:10 - 2015-09-29 23:10 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2015-09-29 23:01 - 2015-09-29 23:01 - 01670656 _____ C:\Users\Thorsten\Desktop\AdwCleaner_5.009.exe

2015-09-29 22:59 - 2015-09-29 22:59 - 00001213 _____ C:\Users\Thorsten\Desktop\mbam.txt

2015-09-29 22:01 - 2015-09-29 22:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Thorsten\Desktop\mbam-setup-2.1.8.1057.exe

2015-09-28 23:09 - 2015-09-28 23:09 - 00029041 _____ C:\ComboFix.txt

2015-09-28 21:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2015-09-28 21:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2015-09-28 21:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2015-09-28 21:56 - 2015-09-28 23:09 - 00000000 ____D C:\Qoobox

2015-09-28 21:56 - 2015-09-28 22:39 - 00000000 ____D C:\Windows\erdnt

2015-09-28 21:51 - 2015-09-28 21:52 - 05636489 ____R (Swearware) C:\Users\Thorsten\Desktop\ComboFix.exe

2015-09-27 23:20 - 2015-09-27 23:20 - 00000202 _____ C:\Users\Thorsten\Desktop\G*DATA Protokoll ID 4133.txt

2015-09-27 23:12 - 2015-09-27 23:12 - 00084469 _____ C:\Users\Thorsten\Desktop\Gmer.txt

2015-09-27 22:55 - 2015-09-27 22:56 - 00380416 _____ C:\Users\Thorsten\Desktop\Gmer-19357.exe

2015-09-27 22:41 - 2015-09-27 22:45 - 00057589 _____ C:\Users\Thorsten\Desktop\Additionalt.txt

2015-09-27 22:40 - 2015-09-27 22:45 - 00065342 _____ C:\Users\Thorsten\Desktop\FRSTalt.txt

2015-09-27 22:35 - 2015-10-02 08:06 - 00000000 ____D C:\FRST

2015-09-27 22:33 - 2015-09-27 22:33 - 02192384 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST64.exe

2015-09-27 22:32 - 2015-09-27 22:32 - 00000548 _____ C:\Users\Thorsten\Desktop\defogger_disable.log

2015-09-27 22:32 - 2015-09-27 22:32 - 00000168 _____ C:\Users\Thorsten\defogger_reenable

2015-09-27 22:29 - 2015-09-27 22:29 - 00050477 _____ C:\Users\Thorsten\Desktop\Defogger.exe

2015-09-27 21:27 - 2015-09-22 19:06 - 01800512 _____ (Malwarebytes) C:\Users\Thorsten\Desktop\JRT.exe

2015-09-26 22:39 - 2015-09-29 22:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-26 22:38 - 2015-09-29 22:35 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-26 22:38 - 2015-09-29 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-29 22:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-26 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-09-26 22:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-09-18 21:12 - 2015-09-18 21:12 - 00001129 _____ C:\Users\Public\Desktop\OkayFreedom.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iPod

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-09-17 23:49 - 2015-09-17 23:49 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FreeOCR

2015-09-17 23:44 - 2015-09-17 23:44 - 00002596 _____ C:\Users\Thorsten\AppData\Local\recently-used.xbel

2015-09-17 23:33 - 2015-09-17 23:46 - 00000000 ____D C:\FreeOCR

2015-09-17 23:33 - 2015-09-17 23:33 - 00000590 _____ C:\Users\Thorsten\Desktop\FreeOCR.lnk

2015-09-17 23:33 - 2015-09-17 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR

2015-09-17 23:33 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx

2015-09-15 08:21 - 2015-09-15 08:21 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\PC-FAX TX

2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Windows\rescache

2015-09-09 09:54 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-09 09:54 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-09-09 09:54 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-09 09:54 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2015-09-09 09:53 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-09 09:53 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-09-09 09:53 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-09 09:53 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-09-09 09:53 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-09-09 09:53 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-09-09 09:53 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-09-09 09:53 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-09-09 09:53 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-09 09:53 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-09 09:53 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-09-09 09:53 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-09-09 09:50 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 09:50 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 09:50 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-09-09 09:50 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-09-09 09:50 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-09-09 09:50 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-09-09 09:50 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-09 09:50 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-09 09:50 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-09 09:50 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-09-09 09:50 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-09 09:50 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-09-09 09:50 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-09-09 09:50 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-09-09 09:50 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-09-09 09:50 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-09-09 09:50 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-09-09 09:50 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-09-09 09:50 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-09 09:50 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-09-09 09:50 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-09-09 09:50 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-09-09 09:50 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-09-09 09:50 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-09-09 09:50 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-09-04 17:34 - 2015-09-04 17:44 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00001072 _____ C:\Users\Thorsten\Desktop\tiptoi.lnk

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\ProgramData\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi
 

==================== Ein Monat: Geänderte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-10-02 07:58 - 2012-04-29 22:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-02 07:58 - 2012-04-29 22:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-02 07:12 - 2012-04-27 23:43 - 01905753 _____ C:\Windows\WindowsUpdate.log

2015-10-01 21:38 - 2011-04-12 09:43 - 00702116 _____ C:\Windows\system32\perfh007.dat

2015-10-01 21:38 - 2011-04-12 09:43 - 00150782 _____ C:\Windows\system32\perfc007.dat

2015-10-01 21:38 - 2009-07-14 07:13 - 01628866 _____ C:\Windows\system32\PerfStringBackup.INI

2015-10-01 21:32 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-01 21:32 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-01 21:27 - 2014-12-26 11:33 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Steganos VPN

2015-10-01 20:39 - 2014-09-08 08:05 - 00038309 _____ C:\Windows\setupact.log

2015-10-01 20:39 - 2012-07-14 21:35 - 00000000 ____D C:\ProgramData\VMware

2015-10-01 20:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-29 23:08 - 2014-10-28 22:24 - 00000000 ____D C:\AdwCleaner

2015-09-28 23:13 - 2014-09-08 08:05 - 00014000 _____ C:\Windows\PFRO.log

2015-09-28 23:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2015-09-28 22:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2015-09-28 22:05 - 2012-05-05 13:31 - 00000000 ____D C:\ProgramData\Temp

2015-09-28 10:27 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-09-28 10:26 - 2012-05-02 18:02 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gSyncit

2015-09-28 10:16 - 2015-08-25 21:47 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gnupg

2015-09-28 10:16 - 2013-02-03 00:21 - 00000000 ____D C:\Users\Thorsten\AppData\Local\2CC90263-1882-4F5C-8A1C-98D4D2B885D0.aplzod

2015-09-28 09:59 - 2014-10-04 00:45 - 00000034 _____ C:\Windows\SysWOW64\BD8860DN.DAT

2015-09-28 09:59 - 2012-04-29 21:36 - 00000432 _____ C:\Windows\BRWMARK.INI

2015-09-27 22:32 - 2012-04-27 23:43 - 00000000 ____D C:\Users\Thorsten

2015-09-27 21:30 - 2013-12-11 16:45 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\IObit

2015-09-27 09:44 - 2012-06-24 21:39 - 00000000 ____D C:\Windows\Downloaded Installations

2015-09-25 22:58 - 2015-01-15 23:34 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Wunderlist

2015-09-24 13:32 - 2012-04-29 00:28 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Google

2015-09-23 23:28 - 2012-05-17 22:32 - 00019456 _____ C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-21 22:58 - 2012-04-29 21:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-09-21 22:58 - 2012-04-29 21:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-09-21 22:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-20 21:27 - 2014-03-04 09:41 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FRITZ!

2015-09-18 21:12 - 2015-02-09 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom

2015-09-18 21:12 - 2014-12-26 11:33 - 00000000 ____D C:\Program Files (x86)\OkayFreedom

2015-09-18 08:46 - 2012-05-11 22:37 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-09-18 08:44 - 2014-01-24 23:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-09-17 23:45 - 2012-06-25 23:32 - 00000000 ____D C:\Users\Thorsten\.gimp-2.8

2015-09-15 08:22 - 2012-04-29 21:36 - 00000804 _____ C:\Windows\Brpfx04a.ini

2015-09-15 07:53 - 2012-04-29 22:04 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-15 07:53 - 2012-04-29 22:04 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-09 18:47 - 2009-07-14 06:45 - 00426288 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 18:46 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-09-09 10:29 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT

2015-09-09 10:29 - 2012-04-29 09:11 - 00000000 ____D C:\ProgramData\Microsoft Help
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 

2014-08-08 22:09 - 2014-08-08 22:09 - 0000000 _____ () C:\Users\Thorsten\AppData\Roaming\gdfw.log

2014-08-08 22:09 - 2014-08-08 22:09 - 0000779 _____ () C:\Users\Thorsten\AppData\Roaming\gdscan.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.Exception.log

2015-06-20 01:13 - 2015-06-20 01:13 - 0001153 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.DesktopHelper.Exception.log

2012-05-17 22:32 - 2015-09-23 23:28 - 0019456 _____ () C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-17 23:44 - 2015-09-17 23:44 - 0002596 _____ () C:\Users\Thorsten\AppData\Local\recently-used.xbel

2012-05-05 13:48 - 2012-05-05 13:48 - 0007666 _____ () C:\Users\Thorsten\AppData\Local\Resmon.ResmonCfg
 

Einige Dateien in TEMP:

====================

C:\Users\Thorsten\AppData\Local\Temp\NOSEventMessages.dll

C:\Users\Thorsten\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap =================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

C:\Windows\system32\winlogon.exe => Datei ist digital signiert

C:\Windows\system32\wininit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert

C:\Windows\explorer.exe => Datei ist digital signiert

C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert

C:\Windows\system32\svchost.exe => Datei ist digital signiert

C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert

C:\Windows\system32\services.exe => Datei ist digital signiert

C:\Windows\system32\User32.dll => Datei ist digital signiert

C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert

C:\Windows\system32\userinit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert

C:\Windows\system32\rpcss.dll => Datei ist digital signiert

C:\Windows\system32\dnsapi.dll => Datei ist digital signiert

C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert

C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 

LastRegBack: 2015-10-01 08:12
 

==================== Ende von FRST.txt ============================

Thorsten_

02.10.2015 07:17

... und die Addition.txt

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01

durchgeführt von Thorsten (2015-10-02 08:09:42)

Gestartet von C:\Users\Thorsten\Desktop

Windows 7 Professional Service Pack 1 (X64) (2012-04-27 21:43:28)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 

Administrator (S-1-5-21-1553145624-146524218-4249679610-500 - Administrator - Disabled)

Gast (S-1-5-21-1553145624-146524218-4249679610-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1553145624-146524218-4249679610-1002 - Limited - Enabled)

Thorsten (S-1-5-21-1553145624-146524218-4249679610-1001 - Administrator - Enabled) => C:\Users\Thorsten
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}

AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)

AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)

Angry Birds (HKLM-x32\...\{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}) (Version: 1.5.3 - Rovio)

Ankh (HKLM-x32\...\Ankh) (Version:  - )

Apple Application Support (32-Bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Areca (HKLM-x32\...\Areca) (Version:  - )

Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)

Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)

AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother MFL-Pro Suite MFC-8860DN (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)

Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)

Bullzip PDF Printer 8.2.0.1406 (HKLM\...\Bullzip PDF Printer_is1) (Version: 8.2.0.1406 - Bullzip)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)

Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.6 (HKLM-x32\...\DPP) (Version: 3.6.0.0 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.5.0.0 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.1.8 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)

CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )

Configo (HKLM-x32\...\{9DDF445F-D818-4280-B182-41FAC10DB715}) (Version: 2.1.7.0 - Philips)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.)

CyberLink PowerDirector 10 (Version: 10.0.0.2231 - CyberLink Corp.) Hidden

CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)

DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)

elmeg Phone WIN-Tools V7.63 Beta 2 (HKLM-x32\...\InstallShield_{7CE806D5-C3E4-43C0-94B9-A6C88E7CA28A}) (Version: 7.63.0002 - Funkwerk Enterprise Communications GmbH)

elmeg Phone WIN-Tools V7.63 Beta 2 (Version: 7.63.0002 - Funkwerk Enterprise Communications GmbH) Hidden

ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)

Free Video Editor version 1.4.0.530 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.0.530 - DVDVideoSoft Ltd.)

FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)

FreeFileSync 6.8 (HKLM-x32\...\FreeFileSync) (Version: 6.8 - Zenju)

FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )

funkwerk WINUSB Driver V1.01 (HKLM\...\{BB649458-6732-4EE6-A7CC-A303677968FD}) (Version: 1.01.0000 - Funkwerk Enterprise Communications GmbH)

G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.8 - G DATA Software AG)

GetFoldersize 2.5.24 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.24 - Michael Thummerer Software Design)

Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)

GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Gpg4win (2.2.5) (HKLM-x32\...\GPG4Win) (Version: 2.2.5 - The Gpg4win Project)

Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4) (Version:  - )

Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4) (Version:  - )

gSyncit (HKLM-x32\...\{97812291-FDA2-4654-BADE-60891483B4EF}) (Version: 4.1.40 - Fieldston Software)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )

HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH)

iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)

ImageMate 6 in 1 Read/Writer (HKLM-x32\...\{59719F49-219A-4C02-904A-BF18E1956419}) (Version:  - )

iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)

Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Joe (HKLM-x32\...\{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}) (Version: 3.08.0100 - Wirth IT Design)

Kaminfeuer Comprehensive Edition 1080 (HKLM-x32\...\ST5UNST #1) (Version:  - )

KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)

Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version:  - )

MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)

MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}) (Version: 4.3.2.0 - MAGIX Software GmbH)

MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden

MAGIX Music Maker 2013 (HKLM-x32\...\MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}) (Version: 19.0.7.67 - MAGIX Software GmbH)

MAGIX Music Maker 2013 (Version: 19.0.7.67 - MAGIX Software GmbH) Hidden

MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden

Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

Mediaport (HKLM-x32\...\Mediaport) (Version:  - )

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)

NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)

Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)

Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)

Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden

OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.6.2 - Steganos Software GmbH)

OpenVPN 2.3.2-I003  (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )

PaperPort (HKLM-x32\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)

PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden

Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)

Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)

Shutdown7 Version 2.1.2 (HKLM-x32\...\{37D95233-83D5-4511-8FFA-E6110FBB1F3E}_is1) (Version: 2.1.2 - Marius Lutz)

Siggi Blitz Vorschule 1 (HKLM-x32\...\Siggi Blitz Vorschule 1_is1) (Version:  - Paletti)

SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden

STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version:  - STRATO AG)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

Task Coach 1.3.38 (HKLM-x32\...\Task Coach_is1) (Version:  - Frank Niessink, Jerome Laheurte, and Aaron Wolf)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)

Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)

VMware Player (x32 Version: 4.0.4.30409 - VMware, Inc.) Hidden

WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)

WD Quick View (HKLM-x32\...\{948427A9-EC32-47A3-AA32-3C9EBA7C7E5D}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{8A7B24E8-864E-4794-95C4-17644D0991AA}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows-Treiberpaket - Funkwerk (WinUSB) MyDeviceClass  (11/15/2010 1.0.0.2) (HKLM\...\71B1F586AD0C9816250D297A4E45C51B92B20C83) (Version: 11/15/2010 1.0.0.2 - Funkwerk)

Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{7A619227-116C-4B0F-97CE-B34E53D4E0BB}) (Version: 21.00.8480 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{FFF441EC-44A8-48D0-8B02-731FC7175305}) (Version: 22.00.8811 - Buhl Data Service GmbH)

Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)

XMedia Recode Version 3.2.3.3 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.3.3 - XMedia Recode)
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Wiederherstellungspunkte =========================
 

29-09-2015 21:58:13 Windows Update

29-09-2015 23:23:38 JRT Pre-Junkware Removal
 

==================== Hosts Inhalt: ===============================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2009-07-14 04:34 - 2015-09-28 22:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {03601431-604F-42C6-8511-403DC502EA31} - System32\Tasks\Areca Backup monatlich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_28_days.bat [2014-10-23] ()

Task: {0F0A1301-B3E1-429C-921E-0D0B45DA8A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {18280E33-486C-487B-8869-52A111BE1376} - System32\Tasks\Areca Backup täglich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_1_days.bat [2014-10-23] ()

Task: {25136AB6-61B4-4D76-9FA6-6F7502B2F20D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {3E74C2A3-0542-4279-BDA3-59BEF5E05108} - System32\Tasks\Areca Backup wöchentlich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_7_days.bat [2014-10-23] ()

Task: {4A2486D8-4B77-412A-9E92-205E7C3FE7DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {4C12C8F9-55FF-4AB7-8CC7-83769ECA3F07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {62871875-F7AE-4774-A475-098B90B397C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {7184E9AE-B01E-4582-8E63-5C9110F168C2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {82DE5D07-9962-401D-9866-53F04A1CC62B} - System32\Tasks\{FCF98728-23EA-47B7-85E4-20F7C0F4D4E9} => C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCD.exe

Task: {86EED966-CA97-4FA3-AD8A-1D465CEE2194} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {ADD511ED-2FC4-4900-AB0F-B172B6800413} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {AF20CA7C-EF74-497D-9EA2-8BF47C51EA59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {B6659BDA-0AA0-4CF2-B3A0-BAB83669679E} - System32\Tasks\{9051820C-5BAA-4C92-B9AB-339E430CB551} => pcalua.exe -a "C:\Program Files (x86)\ScanSoft\PaperPort\ptdntins.exe"

Task: {EDBC1990-8CD7-4D9D-8170-CEFFDE262409} - System32\Tasks\{C155EAD2-073D-46A6-834A-C74306E538F2} => pcalua.exe -a "C:\Users\Thorsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OV4JJIY\AudibleDM_iTunesSetup.exe" -d C:\Users\Thorsten\Desktop

Task: {F5A58AA2-9B47-46A4-86B8-44C3D1F7E8A5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 

2014-03-04 09:37 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll

2014-03-04 09:37 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-07-10 12:11 - 2015-07-10 12:11 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2012-05-17 11:18 - 2012-04-24 18:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2015-06-16 11:17 - 2015-06-16 11:17 - 00382584 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll

2011-07-31 18:39 - 2011-07-12 10:01 - 00307200 _____ () F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.XmlSerializers.dll

2013-11-25 18:12 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe

2012-04-29 21:35 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll

2015-07-10 11:57 - 2015-07-10 11:57 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2015-07-10 11:51 - 2015-07-10 11:51 - 00087040 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2015-07-10 11:43 - 2015-07-10 11:43 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2015-07-10 11:57 - 2015-07-10 11:57 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2015-07-10 11:59 - 2015-07-10 11:59 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll

2012-06-09 02:36 - 2012-06-09 02:36 - 01229464 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 08507384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02354168 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 01014776 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00364536 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02481144 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 01347064 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00206328 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02653176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00033272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00035832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00207352 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 11166712 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00276984 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll

2012-12-21 18:56 - 2012-12-21 18:56 - 00438264 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00446456 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00520696 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00720888 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll

2012-12-21 18:56 - 2012-12-21 18:56 - 00606200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00093176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll

2015-07-23 10:59 - 2015-07-23 10:59 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll

2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll

2015-05-30 22:34 - 2011-04-18 09:46 - 00285696 _____ () C:\Program Files (x86)\Shutdown7\WPFToolkit.Extended.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00088064 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtSolutions_SingleApplication-2.6.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00011362 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\mingwm10.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00043008 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\libgcc_s_dw2-1.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 02411520 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtCore4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 09489920 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtGui4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 01135616 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtNetwork4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00398336 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtXml4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00179712 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtSolutions_SOAP-2.7.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll

2013-11-25 18:10 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com

IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info

IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com

IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net

IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net

IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com

IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com

IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com

IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz

IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
 

Da befinden sich 4788 mehr eingeschränkte Seiten.
 

==================== Andere Bereiche ============================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall ist deaktiviert.
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{786F2C49-A09E-4BAA-A02F-F42E53A75627}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{229E1F92-A8DC-4B5C-AAD4-A22584BA912F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{F64B86A4-C359-480A-BA9E-4707C54FBCB6}] => (Allow) LPort=54925

FirewallRules: [{4F20E569-DBBE-4CD8-A83C-A54F9145C325}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{5B2ACB7F-D6A7-4424-875C-B6525136ED84}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{D0E87458-DCC1-4CE8-80BD-45C240AE9525}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [{10A8E631-2B29-4EC5-898E-7754962699C4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [TCP Query User{785794A0-0720-4EFA-B2A0-47810EB921D7}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [UDP Query User{193D045D-0530-48DA-BEA3-566EA6EC3663}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [{26055A18-230C-4873-98EC-C081614A16A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{8172ECB3-D45B-4A53-8B37-E77ABC8EA2BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1DAB8DFD-332A-4277-9F11-EF8297343F04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8B36766C-B8EB-4D5A-94EC-3B3F4F21F6F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{BB41935E-6C0D-4F1B-9216-57B9D09E30E4}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{93EAE340-B1B9-4297-ADEB-16BA6C4E5889}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{C95642E6-5E90-41D3-9BAC-EC48F5BDEC3E}] => (Allow) LPort=2869

FirewallRules: [{9165F8DE-2173-43ED-8D05-A9DF9A50DB1A}] => (Allow) LPort=1900

FirewallRules: [{B048EA78-B549-42B0-81CD-6A3353025963}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{A5C401FD-3144-46A8-9334-123FDF22CB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{62E850E4-4077-4186-BD3E-02DA13B94D37}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe

FirewallRules: [{8F4321AE-EB5C-42DF-9C9A-F50A4B1EAC21}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

FirewallRules: [{95F629B1-67CE-473A-B276-5DC56B9FB10B}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe

FirewallRules: [{39DEFA3C-C433-47FE-8117-16ECC040ABD2}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

FirewallRules: [{94847366-37EA-44A1-B1A0-0785A1E13CCD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{1C003368-3A32-432E-92C2-AC283616F176}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [TCP Query User{02DF6646-4F32-4FDB-8B41-E112952F2C3B}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [UDP Query User{21041C26-C6B7-4419-88D6-32097132D404}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [{B45459F5-71E6-41F2-92C5-5B19E265D008}] => (Block) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [{8B276753-F802-4D1A-A285-E4375C5F9FE8}] => (Block) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [TCP Query User{789C4396-8391-4A54-9938-AFF152DEDA91}C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp] => (Allow) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [UDP Query User{70A7036D-C223-4AAA-9E81-58DFCAF7CC9D}C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp] => (Allow) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [{5D8B56C0-E491-4F98-9697-269CC000A430}] => (Block) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [{5DFB3188-9CB0-4A3B-A2F8-BA3DAD4444C2}] => (Block) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [TCP Query User{AB63F857-1C8A-466E-8F65-F748914163E7}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [UDP Query User{EC91B8B9-919D-4E49-A088-7FA4FEA51DE3}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{FC39D6BA-19A0-4B88-8402-EFE560075D54}] => (Block) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{9FD9E172-F7BC-4615-A637-373F54A32693}] => (Block) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{0617755E-D8C4-4F4C-9597-8F537E595433}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{96B08EAB-1B54-4EC7-9D1A-9D8B999EE81B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{F5B095D5-77FA-4965-B18A-BF35E17D87A3}] => (Allow) LPort=54925

FirewallRules: [{5D290E12-D126-42FC-B2CD-848554077966}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{301B9949-41DE-490E-9ED3-4BAC1DD2C744}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{AB25209A-63BB-4DFA-A968-EB68D9A7B44C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{78758E49-E6E2-417A-BCCC-E6A353D4679D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{FF6900D8-79A4-419A-9BA7-C75EA0F0F502}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{3B8BA473-E80B-4FD4-A3B7-B413E50B5E21}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{C6233F94-1062-430F-895A-5CA18DEEF678}] => (Allow) LPort=4481

FirewallRules: [{570512E3-84BB-4508-B778-E1505D2F065C}] => (Allow) LPort=4481

FirewallRules: [{EDBB8581-F206-4A42-9904-F58A0AC486F8}] => (Allow) LPort=4482

FirewallRules: [{6ABF50B2-08F5-4E67-B061-177A41E77D26}] => (Allow) LPort=4482

FirewallRules: [{0157406D-42A6-4909-875D-AA6CB4DE38A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D7324AEC-24F1-4651-8DA7-DA138E370187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5A32BF07-57E0-4A22-9F1C-D646B5A6A322}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F001E7B5-A5A1-4257-AFDF-1B731C467881}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B8FE8193-13D4-490C-ABA2-65C67B4712D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{8F5FB7E4-0FD2-4156-839C-DF4CDCE7D2C1}] => (Allow) C:\Users\Thorsten\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe
 

==================== Fehlerhafte Geräte im Gerätemanager =============
 
 

==================== Fehlereinträge in der Ereignisanzeige: =========================
 

Applikationsfehler:

==================

Error: (10/02/2015 07:57:37 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/02/2015 07:51:50 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:03:52 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:01:57 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:01:57 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:01:57 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 09:57:59 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 09:18:30 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (10/01/2015 08:41:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/01/2015 08:08:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 
 

Systemfehler:

=============

Error: (10/01/2015 10:18:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:18:01 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 

Error: (10/01/2015 10:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 

Error: (10/01/2015 10:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 

Error: (10/01/2015 10:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:06:27 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 

Error: (10/01/2015 10:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:06:27 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
 

CodeIntegrity:

===================================

  Date: 2015-09-28 22:35:10.318

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-09-28 22:35:10.245

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-09-28 10:27:47.959

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-28 09:59:26.688

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 18:47:54.759

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 17:53:42.967

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 17:41:33.107

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 13:28:05.872

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 22:16:02.085

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 13:26:08.216

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Speicherinformationen =========================== 
 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz

Prozentuale Nutzung des RAM: 52%

Installierter physikalischer RAM: 8190.49 MB

Verfügbarer physikalischer RAM: 3881.87 MB

Summe virtueller Speicher: 16379.19 MB

Verfügbarer virtueller Speicher: 11653.99 MB
 

==================== Laufwerke ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:10.28 GB) NTFS

Drive e: (Daten01) (Fixed) (Total:2794.39 GB) (Free:1814.89 GB) NTFS

Drive f: (Daten02) (Fixed) (Total:931.51 GB) (Free:703.14 GB) NTFS

Drive g: () (Removable) (Total:3.76 GB) (Free:0.53 GB) FAT32

Drive r: (USB3-2TB) (Fixed) (Total:1863.01 GB) (Free:1046.65 GB) NTFS
 

==================== MBR & Partitionstabelle ==================
 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0DF7472A)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 

Partition: GPT.
 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A22EF57C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (Size: 1863 GB) (Disk ID: 004534CC)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 

========================================================

Disk: 4 (Size: 3.8 GB) (Disk ID: 009AD014)

Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
 

==================== Ende von Addition.txt ============================

Seit Combifix habe ich die Message von G Data nicht mehr bekommen. Dann hätte ich jetzt noch ein paar Fragen:

1. ESET hat 7 Probleme gefunden, aber die sind doch gar nicht behoben worden. Sollten die nicht behoben warden?
2. Ich vermute, ich sollte Java aktualisieren, richtig? :-)
3. Firefox benutze ich gar nicht. Ich vermute, ich sollte auf Firefox umstellen und auf die neueste Version aktualisieren, oder ist es grundsätzlich schon ok auf den IE zu nehmen? Falls ja, sollte ich dann Firefox komplett deinstallieren?

Vielen Dank und Gruß,
Thorsten

schrauber

02.10.2015 20:04

Firefox kannste dann auch komplett entfernen. Java updaten, korrekt :)
ESET Funde sind schon in Quarantäne, Rest entfernen wir jetzt.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

F:\Eigene Dateien\Thorsten\Install\Multimedia\Audiograbber\agsetup183se.exe
 

R:\Backup\Backup Cruzer Titanum 4GB\Data\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

RemoveProxy:

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

Thorsten_

03.10.2015 14:30

Hallo Schrauber,

Java ist jetzt aktuell, Firefox entfernt. Beim FRST habe ich zuerst vergessen, meinen USB Stick einzustecken. Daher habe ich einen zweiten Durchgang gemacht (die Fixlist habe ich entsprechend angepasst). Hier die beiden Fixlog.txt:

Erster Run:

Code:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:03-10-2015

durchgeführt von Thorsten (2015-10-03 14:51:20) Run:1

Gestartet von C:\Users\Thorsten\Desktop

Geladene Profile: Thorsten (Verfügbare Profile: Thorsten)

Start-Modus: Normal

==============================================
 

fixlist Inhalt:

*****************

F:\Eigene Dateien\Thorsten\Install\Multimedia\Audiograbber\agsetup183se.exe
 

R:\Backup\Backup Cruzer Titanum 4GB\Data\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

RemoveProxy:

Emptytemp:

*****************
 

F:\Eigene Dateien\Thorsten\Install\Multimedia\Audiograbber\agsetup183se.exe => erfolgreich verschoben

"R:\Backup\Backup Cruzer Titanum 4GB\Data\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll" => Datei/Ordner nicht gefunden.

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Wert erfolgreich entfernt
 

========= RemoveProxy: =========
 

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => Wert erfolgreich entfernt

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
 
 

========= Ende von RemoveProxy: =========
 

EmptyTemp: => 657.7 MB temporäre Dateien entfernt.
 
 

Das System musste neu gestartet werden.. 
 

==== Ende von Fixlog 14:52:01 ====

Zweiter Run:

Code:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:03-10-2015

durchgeführt von Thorsten (2015-10-03 15:15:19) Run:2

Gestartet von C:\Users\Thorsten\Desktop

Geladene Profile: Thorsten (Verfügbare Profile: Thorsten)

Start-Modus: Normal

==============================================
 

fixlist Inhalt:

*****************

R:\Backup\Backup Cruzer Titanum 4GB\Data\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll

         

*****************
 

R:\Backup\Backup Cruzer Titanum 4GB\Data\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll => erfolgreich verschoben
 

==== Ende von Fixlog 15:15:19 ====

Hier noch ein frisches FRST log:

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015

durchgeführt von Thorsten (Administrator) auf THORSTEN-PC-SSD (03-10-2015 15:22:26)

Gestartet von C:\Users\Thorsten\Desktop

Geladene Profile: Thorsten (Verfügbare Profile: Thorsten)

Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)

Internet Explorer Version 11 (Standard-Browser: IE)

Start-Modus: Normal

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe

(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

(Dominik Reichl) F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe

(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe

(Marius Lutz) C:\Program Files (x86)\Shutdown7\Shutdown7.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe

(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

(Philips) C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe

(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

(Joyent, Inc) C:\Users\Thorsten\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
 
 

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-03-20] (Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1963912 2015-07-23] (TomTom)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-29] (Google Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-05-07] (TrueCrypt Foundation)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [KeePass Password Safe 2] => F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.exe [1764352 2011-07-12] (Dominik Reichl)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [228352 2015-09-09] (Fieldston Software)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [Shutdown] => C:\Program Files (x86)\Shutdown7\Shutdown7.exe [2276864 2014-09-28] (Marius Lutz)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6601224 2015-09-10] (Steganos Software GmbH)

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2012-07-18]

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips Configo.lnk [2012-05-18]

ShortcutTarget: Philips Configo.lnk -> C:\Program Files (x86)\Philips\Configo\2.1.7.0\Configo.exe (Philips)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-08-22]

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{BBA20A84-353E-4C25-9B52-ABDD82773A58}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{CB18DCCC-3BA8-4717-AA5B-3B7174CBDBD4}: [DhcpNameServer] 192.168.178.1
 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-10-03] (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-10-03] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\S-1-5-21-1553145624-146524218-4249679610-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-13] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-10-03] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [Datei ist nicht signiert]

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-07-10] () [Datei ist nicht signiert]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [345632 2015-09-10] (Steganos Software GmbH)

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)

R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [Datei ist nicht signiert]

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)

R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)

R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-17] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [Datei ist nicht signiert]

S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-08-11] (G Data Software AG)

R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-04-22] (G Data Software AG)

R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-22] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230912 2015-08-11] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [76288 2015-08-11] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65024 2015-08-11] (G Data Software AG)

S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)

R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-06-07] (G Data Software)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [125952 2015-08-11] (G Data Software AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat: Erstellte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-10-03 15:22 - 2015-10-03 15:22 - 00023459 _____ C:\Users\Thorsten\Desktop\FRST.txt

2015-10-03 15:19 - 2015-10-03 15:19 - 00002629 _____ C:\Users\Thorsten\Desktop\temp.txt

2015-10-03 14:54 - 2015-10-03 14:54 - 00000022 _____ C:\Windows\S.dirmngr

2015-10-03 14:44 - 2015-10-03 14:44 - 00000000 ____D C:\Users\Thorsten\Desktop\FRST-OlderVersion

2015-10-03 08:33 - 2015-10-03 07:55 - 00273504 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-10-03 08:33 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2015-10-03 08:33 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2015-10-02 08:09 - 2015-10-02 08:10 - 00062388 _____ C:\Users\Thorsten\Desktop\Addition3.txt

2015-10-02 08:06 - 2015-10-02 08:10 - 00065658 _____ C:\Users\Thorsten\Desktop\FRST3.txt

2015-10-02 07:57 - 2015-10-02 07:57 - 00852704 _____ C:\Users\Thorsten\Desktop\SecurityCheck.exe

2015-10-01 21:57 - 2015-10-01 21:57 - 02870984 _____ (ESET) C:\Users\Thorsten\Desktop\esetsmartinstaller_deu.exe

2015-09-29 23:38 - 2015-09-29 23:38 - 00047596 _____ C:\Users\Thorsten\Desktop\Additionalt2.txt

2015-09-29 23:37 - 2015-09-29 23:38 - 00061919 _____ C:\Users\Thorsten\Desktop\FRST 2.txt

2015-09-29 23:28 - 2015-09-29 23:28 - 00000834 _____ C:\Users\Thorsten\Desktop\JRT.txt

2015-09-29 23:12 - 2015-09-29 23:12 - 00000994 _____ C:\Users\Thorsten\Desktop\AdwCleaner[C4].txt

2015-09-29 23:10 - 2015-09-29 23:10 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2015-09-29 23:01 - 2015-09-29 23:01 - 01670656 _____ C:\Users\Thorsten\Desktop\AdwCleaner_5.009.exe

2015-09-29 22:59 - 2015-09-29 22:59 - 00001213 _____ C:\Users\Thorsten\Desktop\mbam.txt

2015-09-29 22:01 - 2015-09-29 22:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Thorsten\Desktop\mbam-setup-2.1.8.1057.exe

2015-09-28 23:09 - 2015-09-28 23:09 - 00029041 _____ C:\ComboFix.txt

2015-09-28 21:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2015-09-28 21:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2015-09-28 21:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2015-09-28 21:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2015-09-28 21:56 - 2015-09-28 23:09 - 00000000 ____D C:\Qoobox

2015-09-28 21:56 - 2015-09-28 22:39 - 00000000 ____D C:\Windows\erdnt

2015-09-28 21:51 - 2015-09-28 21:52 - 05636489 ____R (Swearware) C:\Users\Thorsten\Desktop\ComboFix.exe

2015-09-27 23:20 - 2015-09-27 23:20 - 00000202 _____ C:\Users\Thorsten\Desktop\G*DATA Protokoll ID 4133.txt

2015-09-27 23:12 - 2015-09-27 23:12 - 00084469 _____ C:\Users\Thorsten\Desktop\Gmer.txt

2015-09-27 22:55 - 2015-09-27 22:56 - 00380416 _____ C:\Users\Thorsten\Desktop\Gmer-19357.exe

2015-09-27 22:41 - 2015-09-27 22:45 - 00057589 _____ C:\Users\Thorsten\Desktop\Additionalt.txt

2015-09-27 22:40 - 2015-09-27 22:45 - 00065342 _____ C:\Users\Thorsten\Desktop\FRSTalt.txt

2015-09-27 22:35 - 2015-10-03 15:22 - 00000000 ____D C:\FRST

2015-09-27 22:33 - 2015-10-03 14:44 - 02193408 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST64.exe

2015-09-27 22:32 - 2015-09-27 22:32 - 00000548 _____ C:\Users\Thorsten\Desktop\defogger_disable.log

2015-09-27 22:32 - 2015-09-27 22:32 - 00000168 _____ C:\Users\Thorsten\defogger_reenable

2015-09-27 22:29 - 2015-09-27 22:29 - 00050477 _____ C:\Users\Thorsten\Desktop\Defogger.exe

2015-09-27 21:27 - 2015-09-22 19:06 - 01800512 _____ (Malwarebytes) C:\Users\Thorsten\Desktop\JRT.exe

2015-09-26 22:39 - 2015-09-29 22:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-26 22:38 - 2015-09-29 22:35 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-26 22:38 - 2015-09-29 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-29 22:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-09-26 22:38 - 2015-09-26 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-09-26 22:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-09-26 22:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-09-18 21:12 - 2015-09-18 21:12 - 00001129 _____ C:\Users\Public\Desktop\OkayFreedom.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iTunes

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files\iPod

2015-09-18 08:46 - 2015-09-18 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-09-18 08:44 - 2015-09-18 08:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-09-17 23:49 - 2015-09-17 23:49 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FreeOCR

2015-09-17 23:44 - 2015-09-17 23:44 - 00002596 _____ C:\Users\Thorsten\AppData\Local\recently-used.xbel

2015-09-17 23:33 - 2015-09-17 23:46 - 00000000 ____D C:\FreeOCR

2015-09-17 23:33 - 2015-09-17 23:33 - 00000590 _____ C:\Users\Thorsten\Desktop\FreeOCR.lnk

2015-09-17 23:33 - 2015-09-17 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR

2015-09-17 23:33 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx

2015-09-15 08:21 - 2015-09-15 08:21 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\PC-FAX TX

2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Windows\rescache

2015-09-09 09:54 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-09 09:54 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-09 09:54 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-09-09 09:54 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-09 09:54 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-09-09 09:54 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2015-09-09 09:53 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-09 09:53 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-09-09 09:53 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-09 09:53 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-09 09:53 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-09 09:53 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-09-09 09:53 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-09-09 09:53 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-09-09 09:53 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-09-09 09:53 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-09-09 09:53 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-09-09 09:53 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-09-09 09:53 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-09-09 09:53 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-09-09 09:53 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-09-09 09:53 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-09-09 09:53 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-09-09 09:53 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-09-09 09:53 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-09 09:53 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-09-09 09:53 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-09-09 09:53 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-09-09 09:53 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-09-09 09:53 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-09-09 09:53 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-09 09:53 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-09-09 09:53 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-09-09 09:53 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-09-09 09:53 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-09-09 09:53 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-09-09 09:53 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-09-09 09:53 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-09-09 09:53 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-09 09:50 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-09-09 09:50 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-09-09 09:50 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-09-09 09:50 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 09:50 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 09:50 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-09 09:50 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2015-09-09 09:50 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2015-09-09 09:50 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-09 09:50 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-09 09:50 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-09 09:50 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-09-09 09:50 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-09-09 09:50 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-09-09 09:50 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-09-09 09:50 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-09-09 09:50 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-09 09:50 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-09 09:50 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-09 09:50 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-09 09:50 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-09-09 09:50 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-09-09 09:50 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-09-09 09:50 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-09-09 09:50 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-09-09 09:50 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-09-09 09:50 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-09-09 09:50 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-09-09 09:50 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-09-09 09:50 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-09-09 09:50 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-09-09 09:50 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-09-09 09:50 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-09-09 09:50 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-09-09 09:50 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-09-09 09:50 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-09-09 09:50 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-09-09 09:50 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-09-09 09:50 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-09-09 09:50 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-09-09 09:50 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-09-09 09:50 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-09-09 09:50 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-09-09 09:50 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-09-09 09:50 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-09-09 09:50 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-09-09 09:50 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-09-09 09:50 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-09-04 17:34 - 2015-09-04 17:44 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00001072 _____ C:\Users\Thorsten\Desktop\tiptoi.lnk

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\ProgramData\RavensburgerTipToi

2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi
 

==================== Ein Monat: Geänderte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2015-10-03 15:09 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-03 15:09 - 2009-07-14 06:45 - 00031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-03 14:58 - 2012-04-29 22:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-03 14:58 - 2011-04-12 09:43 - 00702116 _____ C:\Windows\system32\perfh007.dat

2015-10-03 14:58 - 2011-04-12 09:43 - 00150782 _____ C:\Windows\system32\perfc007.dat

2015-10-03 14:58 - 2009-07-14 07:13 - 01628866 _____ C:\Windows\system32\PerfStringBackup.INI

2015-10-03 14:57 - 2012-04-27 23:43 - 01979740 _____ C:\Windows\WindowsUpdate.log

2015-10-03 14:54 - 2014-12-26 11:33 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Steganos VPN

2015-10-03 14:54 - 2014-09-08 08:05 - 00038421 _____ C:\Windows\setupact.log

2015-10-03 14:54 - 2014-09-08 08:05 - 00016118 _____ C:\Windows\PFRO.log

2015-10-03 14:54 - 2012-07-14 21:35 - 00000000 ____D C:\ProgramData\VMware

2015-10-03 14:54 - 2012-04-29 22:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-03 14:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-03 14:13 - 2015-08-25 21:47 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gnupg

2015-10-03 09:45 - 2012-05-02 18:02 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\gSyncit

2015-10-03 09:13 - 2015-01-08 23:07 - 00004215 _____ C:\nospam.log

2015-10-03 09:13 - 2013-02-03 00:21 - 00000000 ____D C:\Users\Thorsten\AppData\Local\2CC90263-1882-4F5C-8A1C-98D4D2B885D0.aplzod

2015-10-03 07:55 - 2014-10-24 07:10 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-10-03 07:55 - 2013-10-18 12:56 - 00000000 ____D C:\ProgramData\Oracle

2015-10-03 07:55 - 2013-10-18 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-10-03 07:54 - 2012-05-13 21:04 - 00000000 ____D C:\Program Files (x86)\Java

2015-09-29 23:08 - 2014-10-28 22:24 - 00000000 ____D C:\AdwCleaner

2015-09-28 23:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2015-09-28 22:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2015-09-28 22:05 - 2012-05-05 13:31 - 00000000 ____D C:\ProgramData\Temp

2015-09-28 10:27 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-09-28 09:59 - 2014-10-04 00:45 - 00000034 _____ C:\Windows\SysWOW64\BD8860DN.DAT

2015-09-28 09:59 - 2012-04-29 21:36 - 00000432 _____ C:\Windows\BRWMARK.INI

2015-09-27 22:32 - 2012-04-27 23:43 - 00000000 ____D C:\Users\Thorsten

2015-09-27 21:30 - 2013-12-11 16:45 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\IObit

2015-09-27 09:44 - 2012-06-24 21:39 - 00000000 ____D C:\Windows\Downloaded Installations

2015-09-25 22:58 - 2015-01-15 23:34 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Wunderlist

2015-09-24 13:32 - 2012-04-29 00:28 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Google

2015-09-23 23:28 - 2012-05-17 22:32 - 00019456 _____ C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-21 22:58 - 2012-04-29 21:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-09-21 22:58 - 2012-04-29 21:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-09-21 22:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-20 21:27 - 2014-03-04 09:41 - 00000000 ____D C:\Users\Thorsten\AppData\Local\FRITZ!

2015-09-18 21:12 - 2015-02-09 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom

2015-09-18 21:12 - 2014-12-26 11:33 - 00000000 ____D C:\Program Files (x86)\OkayFreedom

2015-09-18 08:46 - 2012-05-11 22:37 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-09-18 08:44 - 2014-01-24 23:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-09-17 23:45 - 2012-06-25 23:32 - 00000000 ____D C:\Users\Thorsten\.gimp-2.8

2015-09-15 08:22 - 2012-04-29 21:36 - 00000804 _____ C:\Windows\Brpfx04a.ini

2015-09-15 07:53 - 2012-04-29 22:04 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-15 07:53 - 2012-04-29 22:04 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-09 18:47 - 2009-07-14 06:45 - 00426288 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 18:46 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-09-09 10:29 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT

2015-09-09 10:29 - 2012-04-29 09:11 - 00000000 ____D C:\ProgramData\Microsoft Help
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 

2014-08-08 22:09 - 2014-08-08 22:09 - 0000000 _____ () C:\Users\Thorsten\AppData\Roaming\gdfw.log

2014-08-08 22:09 - 2014-08-08 22:09 - 0000779 _____ () C:\Users\Thorsten\AppData\Roaming\gdscan.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.Exception.log

2015-06-20 01:13 - 2015-06-20 01:13 - 0001153 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2015-06-20 01:14 - 2015-06-23 22:49 - 0000154 _____ () C:\Users\Thorsten\AppData\Roaming\Rim.DesktopHelper.Exception.log

2012-05-17 22:32 - 2015-09-23 23:28 - 0019456 _____ () C:\Users\Thorsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-17 23:44 - 2015-09-17 23:44 - 0002596 _____ () C:\Users\Thorsten\AppData\Local\recently-used.xbel

2012-05-05 13:48 - 2012-05-05 13:48 - 0007666 _____ () C:\Users\Thorsten\AppData\Local\Resmon.ResmonCfg
 

Einige Dateien in TEMP:

====================

C:\Users\Thorsten\AppData\Local\Temp\NOSEventMessages.dll
 
 

==================== Bamital & volsnap =================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

C:\Windows\system32\winlogon.exe => Datei ist digital signiert

C:\Windows\system32\wininit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert

C:\Windows\explorer.exe => Datei ist digital signiert

C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert

C:\Windows\system32\svchost.exe => Datei ist digital signiert

C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert

C:\Windows\system32\services.exe => Datei ist digital signiert

C:\Windows\system32\User32.dll => Datei ist digital signiert

C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert

C:\Windows\system32\userinit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert

C:\Windows\system32\rpcss.dll => Datei ist digital signiert

C:\Windows\system32\dnsapi.dll => Datei ist digital signiert

C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert

C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 

LastRegBack: 2015-10-01 08:12
 

==================== Ende von FRST.txt ============================

Thorsten_

03.10.2015 14:33

...und die Addition:

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:03-10-2015

durchgeführt von Thorsten (2015-10-03 15:23:11)

Gestartet von C:\Users\Thorsten\Desktop

Windows 7 Professional Service Pack 1 (X64) (2012-04-27 21:43:28)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 

Administrator (S-1-5-21-1553145624-146524218-4249679610-500 - Administrator - Disabled)

Gast (S-1-5-21-1553145624-146524218-4249679610-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1553145624-146524218-4249679610-1002 - Limited - Enabled)

Thorsten (S-1-5-21-1553145624-146524218-4249679610-1001 - Administrator - Enabled) => C:\Users\Thorsten
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}

AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)

AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)

Angry Birds (HKLM-x32\...\{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}) (Version: 1.5.3 - Rovio)

Ankh (HKLM-x32\...\Ankh) (Version:  - )

Apple Application Support (32-Bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Areca (HKLM-x32\...\Areca) (Version:  - )

Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)

Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)

AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother MFL-Pro Suite MFC-8860DN (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)

Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)

Bullzip PDF Printer 8.2.0.1406 (HKLM\...\Bullzip PDF Printer_is1) (Version: 8.2.0.1406 - Bullzip)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)

Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.6 (HKLM-x32\...\DPP) (Version: 3.6.0.0 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.5.0.0 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.1.8 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)

CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )

Configo (HKLM-x32\...\{9DDF445F-D818-4280-B182-41FAC10DB715}) (Version: 2.1.7.0 - Philips)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.)

CyberLink PowerDirector 10 (Version: 10.0.0.2231 - CyberLink Corp.) Hidden

CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)

DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)

elmeg Phone WIN-Tools V7.63 Beta 2 (HKLM-x32\...\InstallShield_{7CE806D5-C3E4-43C0-94B9-A6C88E7CA28A}) (Version: 7.63.0002 - Funkwerk Enterprise Communications GmbH)

elmeg Phone WIN-Tools V7.63 Beta 2 (Version: 7.63.0002 - Funkwerk Enterprise Communications GmbH) Hidden

ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)

Free Video Editor version 1.4.0.530 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.0.530 - DVDVideoSoft Ltd.)

FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)

FreeFileSync 6.8 (HKLM-x32\...\FreeFileSync) (Version: 6.8 - Zenju)

FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )

funkwerk WINUSB Driver V1.01 (HKLM\...\{BB649458-6732-4EE6-A7CC-A303677968FD}) (Version: 1.01.0000 - Funkwerk Enterprise Communications GmbH)

G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.8 - G DATA Software AG)

GetFoldersize 2.5.24 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.24 - Michael Thummerer Software Design)

Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)

GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Gpg4win (2.2.5) (HKLM-x32\...\GPG4Win) (Version: 2.2.5 - The Gpg4win Project)

Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4) (Version:  - )

Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4) (Version:  - )

gSyncit (HKLM-x32\...\{97812291-FDA2-4654-BADE-60891483B4EF}) (Version: 4.1.40 - Fieldston Software)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )

HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH)

iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)

ImageMate 6 in 1 Read/Writer (HKLM-x32\...\{59719F49-219A-4C02-904A-BF18E1956419}) (Version:  - )

iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)

Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)

Joe (HKLM-x32\...\{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}) (Version: 3.08.0100 - Wirth IT Design)

Kaminfeuer Comprehensive Edition 1080 (HKLM-x32\...\ST5UNST #1) (Version:  - )

KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)

Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version:  - )

MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)

MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}) (Version: 4.3.2.0 - MAGIX Software GmbH)

MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden

MAGIX Music Maker 2013 (HKLM-x32\...\MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}) (Version: 19.0.7.67 - MAGIX Software GmbH)

MAGIX Music Maker 2013 (Version: 19.0.7.67 - MAGIX Software GmbH) Hidden

MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden

Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

Mediaport (HKLM-x32\...\Mediaport) (Version:  - )

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)

NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)

Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)

Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)

Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden

OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.6.2 - Steganos Software GmbH)

OpenVPN 2.3.2-I003  (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )

PaperPort (HKLM-x32\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)

PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden

Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)

Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)

Shutdown7 Version 2.1.2 (HKLM-x32\...\{37D95233-83D5-4511-8FFA-E6110FBB1F3E}_is1) (Version: 2.1.2 - Marius Lutz)

Siggi Blitz Vorschule 1 (HKLM-x32\...\Siggi Blitz Vorschule 1_is1) (Version:  - Paletti)

SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden

STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version:  - STRATO AG)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

Task Coach 1.3.38 (HKLM-x32\...\Task Coach_is1) (Version:  - Frank Niessink, Jerome Laheurte, and Aaron Wolf)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)

Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)

VMware Player (x32 Version: 4.0.4.30409 - VMware, Inc.) Hidden

WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)

WD Quick View (HKLM-x32\...\{948427A9-EC32-47A3-AA32-3C9EBA7C7E5D}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{8A7B24E8-864E-4794-95C4-17644D0991AA}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows-Treiberpaket - Funkwerk (WinUSB) MyDeviceClass  (11/15/2010 1.0.0.2) (HKLM\...\71B1F586AD0C9816250D297A4E45C51B92B20C83) (Version: 11/15/2010 1.0.0.2 - Funkwerk)

Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{7A619227-116C-4B0F-97CE-B34E53D4E0BB}) (Version: 21.00.8480 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{FFF441EC-44A8-48D0-8B02-731FC7175305}) (Version: 22.00.8811 - Buhl Data Service GmbH)

Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)

XMedia Recode Version 3.2.3.3 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.3.3 - XMedia Recode)
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Wiederherstellungspunkte =========================
 

03-10-2015 07:45:52 Windows Update

03-10-2015 08:32:34 JavaFX 2.1.1 wird entfernt
 

==================== Hosts Inhalt: ===============================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2009-07-14 04:34 - 2015-09-28 22:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {03601431-604F-42C6-8511-403DC502EA31} - System32\Tasks\Areca Backup monatlich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_28_days.bat [2014-10-23] ()

Task: {0F0A1301-B3E1-429C-921E-0D0B45DA8A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {18280E33-486C-487B-8869-52A111BE1376} - System32\Tasks\Areca Backup täglich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_1_days.bat [2014-10-23] ()

Task: {25136AB6-61B4-4D76-9FA6-6F7502B2F20D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {3E74C2A3-0542-4279-BDA3-59BEF5E05108} - System32\Tasks\Areca Backup wöchentlich => F:\Eigene Dateien\Thorsten\Andere Benutzer\Thorsten\IT und TK\Backup\97364814_every_7_days.bat [2014-10-23] ()

Task: {4A2486D8-4B77-412A-9E92-205E7C3FE7DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {4C12C8F9-55FF-4AB7-8CC7-83769ECA3F07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {62871875-F7AE-4774-A475-098B90B397C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {7184E9AE-B01E-4582-8E63-5C9110F168C2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {82DE5D07-9962-401D-9866-53F04A1CC62B} - System32\Tasks\{FCF98728-23EA-47B7-85E4-20F7C0F4D4E9} => C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCD.exe

Task: {86EED966-CA97-4FA3-AD8A-1D465CEE2194} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {ADD511ED-2FC4-4900-AB0F-B172B6800413} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {AF20CA7C-EF74-497D-9EA2-8BF47C51EA59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {B6659BDA-0AA0-4CF2-B3A0-BAB83669679E} - System32\Tasks\{9051820C-5BAA-4C92-B9AB-339E430CB551} => pcalua.exe -a "C:\Program Files (x86)\ScanSoft\PaperPort\ptdntins.exe"

Task: {EDBC1990-8CD7-4D9D-8170-CEFFDE262409} - System32\Tasks\{C155EAD2-073D-46A6-834A-C74306E538F2} => pcalua.exe -a "C:\Users\Thorsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OV4JJIY\AudibleDM_iTunesSetup.exe" -d C:\Users\Thorsten\Desktop

Task: {F5A58AA2-9B47-46A4-86B8-44C3D1F7E8A5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 

2014-03-04 09:37 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll

2014-03-04 09:37 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-07-10 12:11 - 2015-07-10 12:11 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2012-05-17 11:18 - 2012-04-24 18:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2012-04-29 21:35 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll

2015-06-16 11:17 - 2015-06-16 11:17 - 00382584 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll

2011-07-31 18:39 - 2011-07-12 10:01 - 00307200 _____ () F:\Eigene Dateien\Thorsten\Install\Tools\Passwortverwaltung\KeePass-2.16\KeePass.XmlSerializers.dll

2013-11-25 18:12 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe

2015-07-10 11:57 - 2015-07-10 11:57 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2015-07-10 11:51 - 2015-07-10 11:51 - 00087040 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2015-07-10 11:43 - 2015-07-10 11:43 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2015-07-10 11:57 - 2015-07-10 11:57 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2015-07-10 11:59 - 2015-07-10 11:59 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll

2012-06-09 02:36 - 2012-06-09 02:36 - 01229464 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 08507384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02354168 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 01014776 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00364536 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02481144 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 01347064 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00206328 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 02653176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00033272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00035832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00207352 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 11166712 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00276984 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll

2012-12-21 18:56 - 2012-12-21 18:56 - 00438264 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00446456 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00520696 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00720888 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll

2012-12-21 18:56 - 2012-12-21 18:56 - 00606200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll

2012-12-21 18:57 - 2012-12-21 18:57 - 00093176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll

2012-12-21 16:29 - 2012-12-21 16:29 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll

2015-07-23 10:59 - 2015-07-23 10:59 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll

2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll

2015-05-30 22:34 - 2011-04-18 09:46 - 00285696 _____ () C:\Program Files (x86)\Shutdown7\WPFToolkit.Extended.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00088064 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtSolutions_SingleApplication-2.6.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00011362 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\mingwm10.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00043008 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\libgcc_s_dw2-1.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 02411520 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtCore4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 09489920 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtGui4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 01135616 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtNetwork4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00398336 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtXml4.dll

2011-06-14 14:12 - 2011-06-14 14:12 - 00179712 _____ () C:\Program Files (x86)\Philips\Configo\2.1.7.0\QtSolutions_SOAP-2.7.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll

2013-11-25 18:10 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll

2013-11-25 18:10 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll

2013-11-25 18:10 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com

IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info

IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com

IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net

IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net

IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com

IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com

IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com

IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz

IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
 

Da befinden sich 4788 mehr eingeschränkte Seiten.
 

==================== Andere Bereiche ============================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-1553145624-146524218-4249679610-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall ist deaktiviert.
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{786F2C49-A09E-4BAA-A02F-F42E53A75627}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{229E1F92-A8DC-4B5C-AAD4-A22584BA912F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{F64B86A4-C359-480A-BA9E-4707C54FBCB6}] => (Allow) LPort=54925

FirewallRules: [{4F20E569-DBBE-4CD8-A83C-A54F9145C325}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{5B2ACB7F-D6A7-4424-875C-B6525136ED84}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{D0E87458-DCC1-4CE8-80BD-45C240AE9525}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [{10A8E631-2B29-4EC5-898E-7754962699C4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [TCP Query User{785794A0-0720-4EFA-B2A0-47810EB921D7}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [UDP Query User{193D045D-0530-48DA-BEA3-566EA6EC3663}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [{26055A18-230C-4873-98EC-C081614A16A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{8172ECB3-D45B-4A53-8B37-E77ABC8EA2BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1DAB8DFD-332A-4277-9F11-EF8297343F04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8B36766C-B8EB-4D5A-94EC-3B3F4F21F6F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{BB41935E-6C0D-4F1B-9216-57B9D09E30E4}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{93EAE340-B1B9-4297-ADEB-16BA6C4E5889}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{C95642E6-5E90-41D3-9BAC-EC48F5BDEC3E}] => (Allow) LPort=2869

FirewallRules: [{9165F8DE-2173-43ED-8D05-A9DF9A50DB1A}] => (Allow) LPort=1900

FirewallRules: [{B048EA78-B549-42B0-81CD-6A3353025963}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{A5C401FD-3144-46A8-9334-123FDF22CB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{62E850E4-4077-4186-BD3E-02DA13B94D37}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe

FirewallRules: [{8F4321AE-EB5C-42DF-9C9A-F50A4B1EAC21}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

FirewallRules: [{95F629B1-67CE-473A-B276-5DC56B9FB10B}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe

FirewallRules: [{39DEFA3C-C433-47FE-8117-16ECC040ABD2}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

FirewallRules: [{94847366-37EA-44A1-B1A0-0785A1E13CCD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{1C003368-3A32-432E-92C2-AC283616F176}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [TCP Query User{02DF6646-4F32-4FDB-8B41-E112952F2C3B}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [UDP Query User{21041C26-C6B7-4419-88D6-32097132D404}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [{B45459F5-71E6-41F2-92C5-5B19E265D008}] => (Block) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [{8B276753-F802-4D1A-A285-E4375C5F9FE8}] => (Block) C:\program files\openvpn\bin\openvpn.exe

FirewallRules: [TCP Query User{789C4396-8391-4A54-9938-AFF152DEDA91}C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp] => (Allow) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [UDP Query User{70A7036D-C223-4AAA-9E81-58DFCAF7CC9D}C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp] => (Allow) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [{5D8B56C0-E491-4F98-9697-269CC000A430}] => (Block) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [{5DFB3188-9CB0-4A3B-A2F8-BA3DAD4444C2}] => (Block) C:\users\thorsten\appdata\local\temp\_istmp2.dir\_ins5576._mp

FirewallRules: [TCP Query User{AB63F857-1C8A-466E-8F65-F748914163E7}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [UDP Query User{EC91B8B9-919D-4E49-A088-7FA4FEA51DE3}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{FC39D6BA-19A0-4B88-8402-EFE560075D54}] => (Block) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{9FD9E172-F7BC-4615-A637-373F54A32693}] => (Block) C:\program files (x86)\fritz!\frifax32.exe

FirewallRules: [{0617755E-D8C4-4F4C-9597-8F537E595433}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{96B08EAB-1B54-4EC7-9D1A-9D8B999EE81B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe

FirewallRules: [{F5B095D5-77FA-4965-B18A-BF35E17D87A3}] => (Allow) LPort=54925

FirewallRules: [{5D290E12-D126-42FC-B2CD-848554077966}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{301B9949-41DE-490E-9ED3-4BAC1DD2C744}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{AB25209A-63BB-4DFA-A968-EB68D9A7B44C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{78758E49-E6E2-417A-BCCC-E6A353D4679D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{FF6900D8-79A4-419A-9BA7-C75EA0F0F502}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{3B8BA473-E80B-4FD4-A3B7-B413E50B5E21}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{C6233F94-1062-430F-895A-5CA18DEEF678}] => (Allow) LPort=4481

FirewallRules: [{570512E3-84BB-4508-B778-E1505D2F065C}] => (Allow) LPort=4481

FirewallRules: [{EDBB8581-F206-4A42-9904-F58A0AC486F8}] => (Allow) LPort=4482

FirewallRules: [{6ABF50B2-08F5-4E67-B061-177A41E77D26}] => (Allow) LPort=4482

FirewallRules: [{0157406D-42A6-4909-875D-AA6CB4DE38A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D7324AEC-24F1-4651-8DA7-DA138E370187}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5A32BF07-57E0-4A22-9F1C-D646B5A6A322}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F001E7B5-A5A1-4257-AFDF-1B731C467881}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B8FE8193-13D4-490C-ABA2-65C67B4712D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{8F5FB7E4-0FD2-4156-839C-DF4CDCE7D2C1}] => (Allow) C:\Users\Thorsten\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe
 

==================== Fehlerhafte Geräte im Gerätemanager =============
 
 

==================== Fehlereinträge in der Ereignisanzeige: =========================
 

Applikationsfehler:

==================

Error: (10/03/2015 02:55:56 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/03/2015 11:35:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (10/03/2015 10:05:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (10/03/2015 08:07:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (10/03/2015 07:42:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/02/2015 07:57:37 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/02/2015 07:51:50 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:03:52 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:01:57 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (10/01/2015 10:01:57 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 

Systemfehler:

=============

Error: (10/03/2015 02:54:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/03/2015 02:54:10 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.
 

Error: (10/03/2015 02:54:05 PM) (Source: amdkmdag) (EventID: 10270) (User: )

Description: EDID contain an error in the RangeLimit field
 

Error: (10/03/2015 07:41:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/03/2015 07:41:05 AM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.
 

Error: (10/03/2015 07:41:00 AM) (Source: amdkmdag) (EventID: 10270) (User: )

Description: EDID contain an error in the RangeLimit field
 

Error: (10/01/2015 10:18:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:18:01 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 

Error: (10/01/2015 10:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (10/01/2015 10:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Thorsten\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
 

CodeIntegrity:

===================================

  Date: 2015-09-28 22:35:10.318

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-09-28 22:35:10.245

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-09-28 10:27:47.959

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-28 09:59:26.688

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 18:47:54.759

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 17:53:42.967

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 17:41:33.107

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-24 13:28:05.872

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 22:16:02.085

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-09-18 13:26:08.216

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Speicherinformationen =========================== 
 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz

Prozentuale Nutzung des RAM: 32%

Installierter physikalischer RAM: 8190.49 MB

Verfügbarer physikalischer RAM: 5530.79 MB

Summe virtueller Speicher: 16379.19 MB

Verfügbarer virtueller Speicher: 13196.75 MB
 

==================== Laufwerke ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:11.18 GB) NTFS

Drive e: (Daten01) (Fixed) (Total:2794.39 GB) (Free:1814.89 GB) NTFS

Drive f: (Daten02) (Fixed) (Total:931.51 GB) (Free:703.12 GB) NTFS

Drive g: () (Removable) (Total:3.76 GB) (Free:0.53 GB) FAT32

Drive r: (USB3-2TB) (Fixed) (Total:1863.01 GB) (Free:1046.65 GB) NTFS
 

==================== MBR & Partitionstabelle ==================
 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0DF7472A)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 

Partition: GPT.
 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A22EF57C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (Size: 3.8 GB) (Disk ID: 009AD014)

Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
 

========================================================

Disk: 4 (Size: 1863 GB) (Disk ID: 004534CC)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 

==================== Ende von Addition.txt ============================

Gruß,
Thorsten

schrauber

04.10.2015 07:08

Merkwürdig.....

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

CloseProcesses:

AutoConfigURL: [S-1-5-21-1553145624-146524218-4249679610-1001] => hxxp://127.0.0.1:8445/okf.pac

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

Alle Zeitangaben in WEZ +1. Es ist jetzt 11:23 Uhr.

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20