Guten Abend,
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=77f7ebda67c6c147bb255f93538dc2b1
# engine=22150
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-26 04:58:21
# local_time=2015-01-26 05:58:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 1135160 172953997 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 24027878 173921351 0 0
# scanned=215352
# found=5
# cleaned=0
# scan_time=8402
sh=936D11B1591C5C6E89DFB2879E55FF431CDE335D ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcncaoffbiidiffcekjjdkkejjlmajn\1\51532c2095f442.93992819.js.vir"
sh=66B8931499961ADAB2ADD4681899C9037A917521 ft=1 fh=dbe6cb6584177c41 vn="Variante von Win32/InstallBrain.X evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe"
sh=0A081843E0C13FFE78CE8EF191DECD715F555D43 ft=1 fh=f0ffcfbe79f9b060 vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{A788D49B-91AD-4FAC-AD47-D98F7C6BF66D}\Custom.dll"
sh=0A081843E0C13FFE78CE8EF191DECD715F555D43 ft=1 fh=f0ffcfbe79f9b060 vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{A788D49B-91AD-4FAC-AD47-D98F7C6BF66D}\Custom.dll"
sh=76699E5F910F23AB6FB164481C904E9156A90F65 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\614a6516-1ac363f1"
ich schicke das schon mal ab. Danach kommen die anderen beiden.
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton 360
WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.10004)
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Reader XI
Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Claudia (administrator) on SCHNECKE123 on 26-01-2015 18:09:18
Running from C:\Users\Claudia\Downloads
Loaded Profiles: Claudia (Available profiles: Claudia & Erwin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Claudia\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Claudia\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3594590940-844603111-975035037-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3594590940-844603111-975035037-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3594590940-844603111-975035037-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2011-11-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 2620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 2620 series.lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3594590940-844603111-975035037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-3594590940-844603111-975035037-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3594590940-844603111-975035037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3594590940-844603111-975035037-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3594590940-844603111-975035037-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ktfjeqoh.default
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn [2015-01-26]
Chrome:
=======
CHR Profile: C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Protection) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-04-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Browser7Maintenance; "C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20150125.032\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20150125.032\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-26 18:09 - 2015-01-26 18:09 - 02129920 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64(1).exe
2015-01-26 18:04 - 2015-01-26 18:04 - 00852504 _____ () C:\Users\Claudia\Downloads\SecurityCheck.exe
2015-01-26 15:34 - 2015-01-26 15:34 - 02347384 _____ (ESET) C:\Users\Claudia\Downloads\esetsmartinstaller_deu.exe
2015-01-25 14:57 - 2015-01-25 14:58 - 02129920 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2015-01-25 14:51 - 2015-01-25 14:51 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 14:50 - 2015-01-25 14:50 - 01707939 _____ (Thisisu) C:\Users\Claudia\Downloads\JRT.exe
2015-01-25 14:40 - 2015-01-25 14:43 - 00000000 ____D () C:\AdwCleaner
2015-01-25 14:39 - 2015-01-25 14:40 - 02194432 _____ () C:\Users\Claudia\Downloads\AdwCleaner_4.109.exe
2015-01-25 13:53 - 2015-01-26 16:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 13:53 - 2015-01-25 13:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 13:53 - 2015-01-25 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 13:53 - 2015-01-25 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 13:53 - 2015-01-25 13:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 13:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 13:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 13:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 13:51 - 2015-01-25 13:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Claudia\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 13:45 - 2015-01-25 13:45 - 00001268 _____ () C:\Users\Claudia\Desktop\Revo Uninstaller.lnk
2015-01-25 13:45 - 2015-01-25 13:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-25 13:43 - 2015-01-25 13:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Claudia\Downloads\revosetup95.exe
2015-01-24 18:36 - 2015-01-24 18:36 - 00000000 ____D () C:\Users\Public\Documents\sun
2015-01-24 18:30 - 2015-01-24 18:30 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-24 18:30 - 2015-01-24 18:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-24 18:30 - 2015-01-24 18:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-24 18:30 - 2015-01-24 18:30 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-24 18:30 - 2015-01-24 18:30 - 00000000 ____D () C:\Program Files\Java
2015-01-24 18:01 - 2015-01-24 18:01 - 00000964 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-24 18:01 - 2015-01-24 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-24 17:03 - 2015-01-24 17:03 - 00000000 ____D () C:\Users\Claudia\AppData\Local\calibre-cache
2015-01-24 16:58 - 2015-01-24 16:59 - 63836160 _____ () C:\Users\Claudia\Downloads\calibre-2.17.0.msi
2015-01-24 16:31 - 2015-01-24 16:34 - 00028676 _____ () C:\Users\Claudia\Downloads\Addition.txt
2015-01-24 16:30 - 2015-01-26 18:09 - 00024887 _____ () C:\Users\Claudia\Downloads\FRST.txt
2015-01-24 16:23 - 2015-01-24 16:24 - 00000000 ____D () C:\Users\Claudia\AppData\Local\Mozilla
2015-01-23 21:18 - 2015-01-23 21:18 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2015-01-23 21:18 - 2015-01-23 21:18 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2015-01-23 21:16 - 2015-01-23 21:18 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-01-23 21:14 - 2015-01-23 21:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2015-01-23 21:14 - 2015-01-23 21:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2015-01-23 21:08 - 2015-01-24 18:49 - 00021652 _____ () C:\Windows\SecuniaPackage.log
2015-01-23 20:58 - 2015-01-23 20:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-23 20:57 - 2015-01-23 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-23 20:57 - 2015-01-23 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 20:55 - 2015-01-23 20:55 - 00639912 _____ (Oracle Corporation) C:\Users\Erwin\Downloads\jxpiinstall.exe
2015-01-23 20:30 - 2015-01-23 20:30 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-23 20:30 - 2015-01-23 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-23 20:30 - 2015-01-23 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-23 20:28 - 2015-01-23 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-23 20:28 - 2015-01-23 20:28 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-23 20:27 - 2015-01-23 20:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-23 20:27 - 2015-01-23 20:28 - 00000000 ____D () C:\Program Files\iTunes
2015-01-23 20:27 - 2015-01-23 20:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-23 20:27 - 2015-01-23 20:27 - 00000000 ____D () C:\Program Files\iPod
2015-01-23 19:26 - 2015-01-23 19:26 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-01-23 19:26 - 2015-01-23 19:26 - 00000000 ____D () C:\Users\Claudia\AppData\Local\Secunia PSI
2015-01-23 19:26 - 2015-01-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-23 19:25 - 2015-01-23 19:25 - 05490752 _____ (Secunia) C:\Users\Erwin\Downloads\PSISetup10004.exe
2015-01-23 18:55 - 2015-01-23 18:56 - 00243728 _____ () C:\Users\Erwin\Downloads\Firefox Setup Stub 35.0.exe
2015-01-22 19:12 - 2015-01-22 19:14 - 00024304 _____ () C:\Users\Erwin\Downloads\Addition.txt
2015-01-22 19:11 - 2015-01-22 19:20 - 00027646 _____ () C:\Users\Erwin\Downloads\FRST.txt
2015-01-22 19:10 - 2015-01-26 18:09 - 00000000 ____D () C:\FRST
2015-01-22 19:04 - 2015-01-22 19:05 - 02126848 _____ (Farbar) C:\Users\Erwin\Downloads\FRST64.exe
2015-01-14 17:52 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:52 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:52 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:52 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:52 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:52 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 17:51 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:51 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:51 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:51 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:51 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:51 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:51 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-12-29 16:23 - 2014-12-29 16:23 - 00001162 _____ () C:\Users\Claudia\Downloads\Leather_Des-Teufels-Plan_9783641112271.acsm
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-26 15:33 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 15:33 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 15:30 - 2011-05-17 09:55 - 01925652 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 15:26 - 2011-07-03 19:23 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-26 15:26 - 2010-12-10 20:09 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-26 15:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 15:25 - 2009-07-14 05:51 - 00150723 _____ () C:\Windows\setupact.log
2015-01-25 14:45 - 2011-05-17 09:51 - 01295952 _____ () C:\Windows\PFRO.log
2015-01-25 13:40 - 2013-03-20 20:42 - 00000095 _____ () C:\Users\Erwin\.accessibility.properties
2015-01-25 13:40 - 2011-07-03 12:12 - 00000000 ____D () C:\Users\Erwin
2015-01-24 19:07 - 2013-05-05 08:12 - 00000000 ____D () C:\Users\Claudia\AppData\Local\NPE
2015-01-24 19:04 - 2012-01-05 19:05 - 00000000 ____D () C:\Users\Erwin\Documents\My Digital Editions
2015-01-24 18:53 - 2011-12-27 17:27 - 00000000 ____D () C:\Users\Claudia\Documents\My Digital Editions
2015-01-24 18:52 - 2010-12-10 20:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-24 18:08 - 2011-05-17 19:45 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-01-24 18:08 - 2011-05-17 19:45 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-01-24 18:08 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 18:07 - 2013-03-27 16:54 - 00000000 ____D () C:\Users\Claudia\Documents\Calibre Bibliothek
2015-01-24 18:01 - 2013-03-27 16:53 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-01-24 17:32 - 2011-07-03 12:12 - 00125696 _____ () C:\Users\Erwin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 16:55 - 2011-07-04 18:09 - 00000000 ___RD () C:\Users\Claudia\Desktop\Diverses
2015-01-24 16:23 - 2011-07-03 19:17 - 00125696 _____ () C:\Users\Claudia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 16:22 - 2009-07-14 05:45 - 00468392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-23 21:27 - 2011-07-11 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-23 21:27 - 2011-07-03 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-23 21:05 - 2014-12-15 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-23 20:57 - 2013-01-28 18:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-23 20:47 - 2013-03-15 15:51 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4.0
2015-01-23 20:27 - 2014-06-06 14:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-23 20:27 - 2011-08-06 14:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-23 18:58 - 2014-12-15 19:00 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-23 18:58 - 2014-12-15 19:00 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 18:58 - 2013-03-27 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-22 18:59 - 2011-08-06 17:12 - 00000000 ____D () C:\Users\Erwin\Documents\Ausgaben_Haus
2015-01-19 18:38 - 2011-07-03 12:56 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 19:00 - 2013-08-18 13:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 18:15 - 2011-11-22 20:18 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 18:39 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 17:45 - 2010-12-10 20:04 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-01-03 01:08 - 2012-03-09 23:11 - 00000000 ____D () C:\Users\Erwin\AppData\Local\CrashDumps
2014-12-29 16:47 - 2010-12-10 20:22 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS
==================== Files in the root of some directories =======
2012-04-04 11:01 - 2012-04-04 11:01 - 0013734 _____ () C:\Users\Claudia\AppData\Roaming\UserTile.png
2013-03-15 16:30 - 2013-03-15 16:30 - 0007667 _____ () C:\Users\Claudia\AppData\Local\Resmon.ResmonCfg
2014-03-11 15:27 - 2014-03-11 15:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-17 10:20 - 2011-05-17 10:25 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2010-12-10 20:09 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2011-07-26 13:12 - 2014-03-11 15:21 - 0009094 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Claudia\AppData\Local\Temp\Quarantine.exe
C:\Users\Claudia\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-07 14:21
==================== End Of Log ============================
--- --- ---
--- --- ---
So, lieber schrauber, alles fertig.
:bussi: