
Log analysis and evaluation: Malwarebytes no longer starts - high CPU load caused by services

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.01.2015, 20:25   #1
mayer
 
Hello,

once again I need your expert advice and possibly your valued help:

My PC crashed several times today with a bluescreen "Driver equal...".
System Restore did not bring the desired recovery.
Since then I have noticed:
+ high CPU activity although no work is actually being done (30-50%), as well as RAM usage of almost 6GB without much activity
+ responsible for this are dozens of Explorer.exe processes, some of them gigabytes in size, as well as many svhost services/processes
+ then I wanted to run Malwarebytes: no reaction. The program no longer starts; I uninstalled it, after which it can be downloaded but no longer installed (no error message); likewise your MBAM Clean Tool cannot be installed.

"SOMETHING" seems to be blocking and abusing the system.
Do you know these symptoms, and is there a solution?

Many thanks for any tips.


Here is the FRST log for a start:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by michl (administrator) on MICHL-PC on 27-01-2015 20:12:18
Running from F:\FIX SCHUTZ
Loaded Profiles: michl (Available profiles: michl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() D:\radio streams\Tobit Radio.fx\Server\rfx-server.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Tobit.Software) D:\radio streams\Tobit Radio.fx\Client\rfx-tray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(LG Electronics) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
() C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\SmartHookTestApp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com)
HKLM\...\Run: [360sd] => C:\PROGRAM FILES\360\360 INTERNET SECURITY\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [rfxsrvtray] => d:\Radio Streams\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: E - E:\setup.exe /AUTORUN
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: {73b8dbca-35ab-11e1-b6f0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2836387523-2242442364-2255310912-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Avira Browser Safety - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\abs@avira.com [2014-11-05]
FF Extension: Snap.Do  - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{444cfd05-5764-4bc4-8e89-417723e7621f} [2013-07-11]
FF Extension: DownloadHelper - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-12]
FF Extension: Flash and Video Download - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-08-05]
FF Extension: printpdf - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\printpdf@pavlov.net.xpi [2014-03-10]
FF Extension: DownThemAll! - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF Extension: No Name - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\michl\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\PROGRAM FILES\360\360 INTERNET SECURITY\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2449592 2014-11-12] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Radio.fx; d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) [File not signed]
S3 scan; C:\PROGRAM FILES\360\360 INTERNET SECURITY\scan.dll [420424 2014-04-25] (S.C. BitDefender S.R.L)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-02-04] (Windows (R) Win 7 DDK provider)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-01-18] (Acronis)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
S3 SANDRA; \??\C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA LITE 2013.SP4\WNT500X64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 19:34 - 2015-01-27 19:41 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-01-27 19:34 - 2015-01-27 19:34 - 00000000 ____D () C:\Users\michl\AppData\Local\SecTaskMan
2015-01-27 17:49 - 2015-01-27 17:49 - 01233116 _____ () C:\Windows\system32\CFG1825226089
2015-01-27 15:03 - 2015-01-27 19:12 - 00000000 ____D () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-27 13:04 - 2015-01-27 13:04 - 00000000 ____D () C:\Users\michl\AppData\Local\{1EC9D653-8571-4EFF-B1BB-065BC6A64CCA}
2015-01-27 01:04 - 2015-01-27 01:04 - 00000000 ____D () C:\Users\michl\AppData\Local\{76574F3D-BA67-4C0A-A757-3ACB490F3E46}
2015-01-26 13:03 - 2015-01-26 13:03 - 00000000 ____D () C:\Users\michl\AppData\Local\{B4D20EAA-6BE4-40A9-9E00-1097DE3C4364}
2015-01-25 23:52 - 2015-01-25 23:52 - 00000000 ____D () C:\Users\michl\Documents\OneNote-Notizbücher
2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () C:\Users\michl\AppData\Local\{C5286E2C-C3DD-48DC-ABF5-753E83D0E805}
2015-01-24 18:47 - 2015-01-24 18:47 - 00000000 ____D () C:\Users\michl\AppData\Local\{89C399CC-7CD0-47FF-B074-B40CED9DB21F}
2015-01-23 13:12 - 2015-01-23 13:12 - 00000000 ____D () C:\Users\michl\AppData\Local\{78F7CAC5-C179-437C-A0C8-7E258217521F}
2015-01-23 00:40 - 2015-01-23 00:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{79214486-8019-4526-ADD4-C8D41BB7C0E6}
2015-01-22 10:01 - 2015-01-22 10:01 - 00000000 ____D () C:\Users\michl\AppData\Local\{7AA8571B-66CE-459E-B3CF-8547D3F5C038}
2015-01-21 14:10 - 2015-01-21 14:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{72682D33-30DE-45CB-95F0-3F0A6206D74C}
2015-01-21 02:09 - 2015-01-21 02:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{B06864F7-55BD-46C4-8269-0E8759CCC81B}
2015-01-20 14:08 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{DB2480CB-2EFB-42F6-8335-E4392EC42861}
2015-01-20 02:08 - 2015-01-20 02:08 - 00000000 ____D () C:\Users\michl\AppData\Local\{F50EBD7C-6D98-4C70-A381-59DE45BEDB7F}
2015-01-19 14:07 - 2015-01-19 14:07 - 00000000 ____D () C:\Users\michl\AppData\Local\{52ADD48E-C094-4E89-A3C0-6EFCF151B3DB}
2015-01-18 22:37 - 2015-01-18 22:38 - 00000000 ____D () C:\Users\michl\AppData\Local\{3E6A9985-7C11-4789-88E5-F7EA8C379E3A}
2015-01-17 02:58 - 2015-01-17 02:58 - 00000000 ____D () C:\Users\michl\AppData\Local\{EB2A09AA-271A-41E5-9688-7264EB638E9D}
2015-01-17 01:32 - 2015-01-17 01:32 - 01186995 _____ () C:\Users\michl\Downloads\retro-frames.zip
2015-01-16 14:17 - 2015-01-16 14:17 - 00000000 ____D () C:\Users\michl\AppData\Local\{461EA139-1C80-4D58-B8D4-FFA8133EFCE1}
2015-01-16 00:11 - 2015-01-16 00:11 - 00000000 ____D () C:\Users\michl\AppData\Local\{201EA74E-289A-4779-9EAC-42D25811D08A}
2015-01-15 12:10 - 2015-01-15 12:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{ADFA7D86-C977-4AE4-8006-5647BEE1DA90}
2015-01-15 00:09 - 2015-01-15 00:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{1251B94C-785E-4A8E-8EB0-8C20479E64AD}
2015-01-14 12:13 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:13 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:13 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:13 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:13 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:13 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:13 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:13 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:13 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:13 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:13 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:13 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:13 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:09 - 2015-01-14 12:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{70685963-37C2-4A4B-86DD-8F1B98812DA9}
2015-01-13 15:50 - 2015-01-13 15:50 - 00000000 ____D () C:\Users\michl\AppData\Local\{C73287A1-9827-4439-BEB9-3CABF49EEF1B}
2015-01-13 13:25 - 2015-01-13 13:25 - 00000356 _____ () C:\Users\michl\Desktop\Startpage Web Suchen.website
2015-01-13 13:25 - 2015-01-13 13:25 - 00000350 _____ () C:\Users\michl\Desktop\Qwant.website
2015-01-12 11:40 - 2015-01-12 11:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{DEF0A906-DCF2-4A93-A23D-D05AC41D3CA0}
2015-01-11 13:40 - 2015-01-11 13:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{C2D5863C-A276-4C58-B2F6-42BDF5221744}
2015-01-10 16:46 - 2015-01-10 16:46 - 00000000 ____D () C:\Users\michl\AppData\Local\{999CF59E-732B-4C10-B096-E1BAE4D2CDD9}
2015-01-09 16:23 - 2015-01-09 16:23 - 00000000 ____D () C:\Users\michl\AppData\Local\{18ACD4CE-745B-4574-B47A-4B3B9D97F592}
2015-01-08 11:16 - 2015-01-08 11:16 - 00000000 ____D () C:\Users\michl\AppData\Local\{3908BE42-B47E-4B78-A29E-F93481B528D8}
2015-01-07 12:27 - 2015-01-07 12:27 - 00000000 ____D () C:\Users\michl\AppData\Local\{D8317690-0E4B-4CB2-989A-7FE2762B6F41}
2015-01-06 14:35 - 2015-01-06 14:36 - 00000000 ____D () C:\Users\michl\AppData\Local\{43F1DC67-E07F-4DD1-B40C-4A46CFD25A1B}
2015-01-05 13:41 - 2015-01-05 13:41 - 00000000 ____D () C:\Users\michl\AppData\Local\{549E4629-4375-4B25-9F66-617A9F221D5A}
2015-01-04 13:28 - 2015-01-04 13:28 - 00000000 ____D () C:\Users\michl\AppData\Local\{920D33C0-A2BF-4C05-9999-278302552EA9}
2015-01-03 15:21 - 2015-01-03 15:21 - 00000000 ____D () C:\Neuer Ordner 1
2015-01-03 15:17 - 2015-01-03 15:17 - 00000000 ____D () C:\ProgramData\LAUNCHER
2015-01-03 15:11 - 2015-01-03 15:11 - 00000000 ____D () C:\ProgramData\RMBWIZARD
2015-01-03 15:09 - 2015-01-03 15:09 - 00002507 _____ () C:\Users\michl\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-01-03 15:09 - 2015-01-03 15:09 - 00002339 _____ () C:\Users\michl\Desktop\Paragon Recovery Media Builder™.lnk
2015-01-03 15:09 - 2015-01-03 15:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-01-03 15:09 - 2015-01-03 15:09 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-01-03 15:08 - 2015-01-03 15:08 - 00000000 ____D () C:\Program Files\Paragon Software
2015-01-03 15:06 - 2015-01-03 15:06 - 00000000 ____D () C:\ProgramData\explauncher
2015-01-03 13:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\michl\AppData\Roaming\zebNet
2015-01-03 13:28 - 2015-01-03 13:28 - 00001239 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zebNet® Backup for Live Mail Free Edition.lnk
2015-01-03 13:28 - 2015-01-03 13:28 - 00001227 _____ () C:\Users\Public\Desktop\zebNet® Backup for Live Mail Free Edition.lnk
2015-01-03 13:28 - 2015-01-03 13:28 - 00000000 ____D () C:\Program Files\zebNet
2015-01-03 13:27 - 2015-01-27 19:23 - 00000000 __SHD () C:\360Rec
2015-01-03 13:00 - 2015-01-03 13:01 - 00000000 ____D () C:\Users\michl\AppData\Local\{9CBA7F02-D074-45BA-81E2-6BFF11CA0AE0}
2015-01-02 19:31 - 2015-01-03 14:50 - 00000586 _____ () C:\Users\michl\Desktop\Paragon Backup & Recovery 2014 Free Edition - Download - COMPUTER BILD.website
2015-01-02 19:31 - 2015-01-03 14:47 - 00000754 _____ () C:\Users\michl\Desktop\Übersicht Die beste Backup-Freeware - NETZWELT.website
2015-01-02 19:30 - 2015-01-02 19:30 - 00000452 _____ () C:\Users\michl\Desktop\FreeFileSync Verzeichnisse synchronisieren - NETZWELT.website
2015-01-02 15:16 - 2015-01-02 15:16 - 00000000 ____D () C:\Users\michl\AppData\Local\{F4F21EF0-3F5E-4707-865D-FDB485F51FA0}
2015-01-01 16:55 - 2015-01-01 16:55 - 00000000 ____D () C:\Users\michl\AppData\Local\{1729C4BB-B0C7-4B34-B766-1DA6A21EF08B}
2014-12-31 16:03 - 2014-12-31 16:03 - 00000000 ____D () C:\Users\michl\AppData\Local\{B060A75E-C08D-4273-9D5B-17C8F61D67E5}
2014-12-30 23:47 - 2014-12-30 23:47 - 00000863 _____ () C:\Users\michl\Desktop\MediathekView - Download TV-Sender.lnk
2014-12-30 16:59 - 2014-12-30 16:59 - 00000000 ____D () C:\Users\michl\AppData\Local\{AFBB72BB-93DA-4B0A-924B-B2542CC79861}
2014-12-30 01:48 - 2014-12-30 01:48 - 00000000 ____D () C:\Users\michl\AppData\Local\{89D58324-68FF-448C-BACA-03B537E04DFC}
2014-12-29 10:50 - 2014-12-29 10:50 - 00000000 ____D () C:\Users\michl\AppData\Local\{B77BD829-0130-4039-966C-8AFB364B651A}
2014-12-28 13:09 - 2014-12-28 13:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{A0EAEFA9-A40F-499D-ABDA-73A7C26506E8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:12 - 2014-10-27 14:50 - 00000000 ____D () C:\FRST
2015-01-27 19:51 - 2014-11-14 17:38 - 00000000 ____D () C:\Users\michl\AppData\Roaming\360safe
2015-01-27 19:48 - 2012-01-18 13:44 - 00007680 _____ () C:\Users\michl\AppData\Local\resmon.resmoncfg
2015-01-27 19:42 - 2014-04-16 00:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 19:25 - 2013-03-14 11:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 19:18 - 2014-11-14 17:34 - 01779773 ____N () C:\Windows\WindowsUpdate.log
2015-01-27 18:17 - 2013-06-25 07:14 - 00000863 _____ () C:\Users\michl\Desktop\Abendzeitung München.website
2015-01-27 17:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 17:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:58 - 2011-04-12 08:43 - 00717444 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 16:58 - 2011-04-12 08:43 - 00155004 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 16:58 - 2009-07-14 06:13 - 01656676 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:54 - 2014-04-16 00:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 16:54 - 2013-02-04 02:04 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-01-27 16:54 - 2012-01-18 15:55 - 00000000 ____D () C:\Users\michl\AppData\Roaming\vlc
2015-01-27 16:54 - 2012-01-18 14:33 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Winamp
2015-01-27 16:54 - 2012-01-03 02:52 - 00000000 ____D () C:\Users\michl
2015-01-27 16:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 16:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-27 16:53 - 2014-07-23 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 16:53 - 2014-07-23 12:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 16:53 - 2014-05-22 22:36 - 00000000 ____D () C:\ProgramData\Protexis64
2015-01-27 16:53 - 2013-02-04 02:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-27 16:53 - 2012-01-13 23:18 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-27 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-27 16:06 - 2013-10-17 22:30 - 14028800 _____ () C:\Users\michl\AppData\Roaming\Sandra.mdb
2015-01-27 15:25 - 2014-11-17 11:31 - 00000684 _____ () C:\Users\michl\Desktop\Anti-Botnet-Beratungszentrum Säubern.website
2015-01-27 15:08 - 2014-10-26 01:06 - 00000000 ___HD () C:\Users\michl\AppData\Roaming\1A828502
2015-01-27 09:50 - 2013-05-22 23:24 - 00000000 ____D () C:\Users\michl\Documents\Benutzerdefinierte Office-Vorlagen
2015-01-27 09:50 - 2013-02-04 14:31 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-27 00:37 - 2013-02-07 14:09 - 00000493 _____ () C:\Users\michl\Desktop\Wortschatz.website
2015-01-26 15:51 - 2012-01-16 17:19 - 00097004 _____ () C:\Users\michl\Desktop\offene2+++.txt
2015-01-26 14:18 - 2013-03-08 17:28 - 00000000 ____D () C:\Users\michl\AppData\Local\CrashDumps
2015-01-26 02:00 - 2014-11-14 17:38 - 00000000 ____D () C:\ProgramData\360SD
2015-01-26 01:06 - 2014-08-24 17:11 - 00000559 _____ () C:\Users\michl\Desktop\freisteller  clipping Magic 
2015-01-25 16:24 - 2013-02-04 15:11 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Media Player Classic
2015-01-25 16:23 - 2013-11-11 23:52 - 00000514 _____ () C:\Users\michl\Desktop\Zattoo -webTV.website
2015-01-23 16:15 - 2014-12-02 01:22 - 00000547 _____ () C:\Users\michl\Desktop\Polizeiruf Rostock - Bukow 02 (2010) - Aquarius (312) - YouTube.website
2015-01-21 16:10 - 2014-11-12 07:32 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2015-01-21 15:00 - 2013-02-04 18:15 - 00000186 _____ () C:\Users\michl\Desktop\Übersetzungen.url
2015-01-21 14:01 - 2009-07-14 05:45 - 07993328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 02:26 - 2013-02-14 01:18 - 00460440 _____ () C:\Windows\FontData.fdb
2015-01-21 02:26 - 2012-01-03 03:14 - 00835400 _____ () C:\Users\michl\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 01:36 - 2014-11-25 02:40 - 00000595 _____ () C:\Users\michl\Desktop\CorelDRAW X6 Praxis - Falzprospekt  Corel-Tutorials.de.website
2015-01-18 11:37 - 2014-02-15 10:43 - 00000000 ____D () C:\Users\michl\.mediathek3
2015-01-16 15:25 - 2012-01-18 14:12 - 00000000 ____D () C:\Users\michl\AppData\Roaming\FileZilla
2015-01-15 14:02 - 2009-07-14 03:34 - 00000448 _____ () C:\Windows\win.ini
2015-01-14 13:02 - 2013-07-24 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:00 - 2013-02-05 19:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 14:05 - 2014-07-23 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 15:07 - 2014-05-27 10:34 - 00000000 ____D () C:\Users\michl\AppData\Local\Downloaded Installations
2015-01-03 14:45 - 2014-12-16 18:25 - 00000677 _____ () C:\Users\michl\Desktop\SALE Reduzierte Produkte aus allen DaWanda-Kategorien - 212.093 einzigartige Produkte bei DaWanda online kaufen.website
2015-01-03 14:40 - 2014-10-08 20:58 - 00000941 _____ () C:\Users\michl\Desktop\Website des Jahres 2014.website
2015-01-03 14:40 - 2014-08-17 12:54 - 00000000 ____D () C:\Users\michl\Desktop\reise 2014
2015-01-03 13:28 - 2014-11-16 03:01 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-03 13:15 - 2014-11-20 13:08 - 00000966 _____ () C:\Users\michl\Desktop\Video Downloader Clipfish, Bild.de.website
2015-01-03 11:37 - 2014-04-23 15:18 - 00000000 ____D () C:\Users\michl\Downloads\musik down

==================== Files in the root of some directories =======

2013-04-21 16:41 - 2007-12-01 16:22 - 0315392 _____ () C:\Program Files (x86)\GMLMatting.8bf
2013-04-21 16:41 - 2013-04-21 16:41 - 0000053 _____ () C:\Program Files (x86)\GMLMatting.ini
2013-07-06 00:57 - 2013-07-07 23:26 - 0004509 _____ () C:\Users\michl\AppData\Roaming\CamStudio.cfg
2013-04-21 16:40 - 2014-12-22 01:54 - 0000270 _____ () C:\Users\michl\AppData\Roaming\FotoSketcher.ini
2013-10-17 22:30 - 2015-01-27 16:06 - 14028800 _____ () C:\Users\michl\AppData\Roaming\Sandra.mdb
2012-01-18 13:44 - 2015-01-27 19:48 - 0007680 _____ () C:\Users\michl\AppData\Local\resmon.resmoncfg
2012-01-13 23:06 - 2012-01-13 23:07 - 0000000 _____ () C:\Users\michl\AppData\Local\{3D1C37FE-3ED0-4FD6-B2AF-A2725ABC9B82}
2012-01-13 23:07 - 2012-01-13 23:07 - 0000000 _____ () C:\Users\michl\AppData\Local\{86518487-0454-4710-9F1D-1F507D40ED99}
2014-01-30 17:04 - 2014-01-30 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-30 13:59 - 2013-04-30 19:33 - 0000000 _____ () C:\ProgramData\as98213.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 16:41

==================== End Of Log ============================
         

27.01.2015, 20:26   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

please also post the Addition.txt.

27.01.2015, 20:26   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi,

Addition.txt is missing, please supply it. Also:

Please note for the future:
Quote:
Running from F:\FIX SCHUTZ
Unfortunately, you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written with that in mind.
In addition, all the tools used can then be removed very easily at the end of the cleanup.
Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.

27.01.2015, 20:37   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Too slow, Arne
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.01.2015, 20:39   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



All right, all right, I'm off

__________________
Please always post log files in CODE tags

27.01.2015, 21:25   #6
mayer
 



Hello,

ah, I forgot the Addition; here are both again, taken from Safe Mode.

Note: I did not understand the part about the desktop and the tools.

When booting, the PC now always crashes once with a bluescreen and then restarts. Error message: 6.1.7601.2.1.0.768.3 System-Service-Exception

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by michl (administrator) on MICHL-PC on 27-01-2015 21:14:29
Running from F:\fix schutz
Loaded Profiles: michl (Available profiles: michl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com)
HKLM\...\Run: [360sd] => C:\PROGRAM FILES\360\360 INTERNET SECURITY\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [rfxsrvtray] => d:\Radio Streams\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: E - E:\setup.exe /AUTORUN
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: {73b8dbca-35ab-11e1-b6f0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2836387523-2242442364-2255310912-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Avira Browser Safety - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\abs@avira.com [2014-11-05]
FF Extension: Snap.Do  - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{444cfd05-5764-4bc4-8e89-417723e7621f} [2013-07-11]
FF Extension: DownloadHelper - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-12]
FF Extension: Flash and Video Download - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-08-05]
FF Extension: printpdf - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\printpdf@pavlov.net.xpi [2014-03-10]
FF Extension: DownThemAll! - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF Extension: No Name - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\michl\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 360rp; C:\PROGRAM FILES\360\360 INTERNET SECURITY\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
S2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2449592 2014-11-12] (Microsoft Corporation)
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S2 Radio.fx; d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) [File not signed]
S3 scan; C:\PROGRAM FILES\360\360 INTERNET SECURITY\scan.dll [420424 2014-04-25] (S.C. BitDefender S.R.L)
S2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
S1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
S2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-02-04] (Windows (R) Win 7 DDK provider)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-01-18] (Acronis)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
S3 SANDRA; \??\C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA LITE 2013.SP4\WNT500X64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 21:13 - 2015-01-27 21:13 - 00276704 _____ () C:\Windows\Minidump\012715-18033-01.dmp
2015-01-27 21:11 - 2015-01-27 21:11 - 00002462 _____ () C:\Windows\PFRO.log
2015-01-27 21:11 - 2015-01-27 21:11 - 00000056 _____ () C:\Windows\setupact.log
2015-01-27 21:11 - 2015-01-27 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 19:34 - 2015-01-27 19:41 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-01-27 19:34 - 2015-01-27 19:34 - 00000000 ____D () C:\Users\michl\AppData\Local\SecTaskMan
2015-01-27 17:49 - 2015-01-27 17:49 - 01233116 _____ () C:\Windows\system32\CFG1825226089
2015-01-27 15:03 - 2015-01-27 21:13 - 00000000 ____D () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-27 13:04 - 2015-01-27 13:04 - 00000000 ____D () C:\Users\michl\AppData\Local\{1EC9D653-8571-4EFF-B1BB-065BC6A64CCA}
2015-01-27 01:04 - 2015-01-27 01:04 - 00000000 ____D () C:\Users\michl\AppData\Local\{76574F3D-BA67-4C0A-A757-3ACB490F3E46}
2015-01-26 13:03 - 2015-01-26 13:03 - 00000000 ____D () C:\Users\michl\AppData\Local\{B4D20EAA-6BE4-40A9-9E00-1097DE3C4364}
2015-01-25 23:52 - 2015-01-25 23:52 - 00000000 ____D () C:\Users\michl\Documents\OneNote-Notizbücher
2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () C:\Users\michl\AppData\Local\{C5286E2C-C3DD-48DC-ABF5-753E83D0E805}
2015-01-24 18:47 - 2015-01-24 18:47 - 00000000 ____D () C:\Users\michl\AppData\Local\{89C399CC-7CD0-47FF-B074-B40CED9DB21F}
2015-01-23 13:12 - 2015-01-23 13:12 - 00000000 ____D () C:\Users\michl\AppData\Local\{78F7CAC5-C179-437C-A0C8-7E258217521F}
2015-01-23 00:40 - 2015-01-23 00:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{79214486-8019-4526-ADD4-C8D41BB7C0E6}
2015-01-22 10:01 - 2015-01-22 10:01 - 00000000 ____D () C:\Users\michl\AppData\Local\{7AA8571B-66CE-459E-B3CF-8547D3F5C038}
2015-01-21 14:10 - 2015-01-21 14:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{72682D33-30DE-45CB-95F0-3F0A6206D74C}
2015-01-21 02:09 - 2015-01-21 02:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{B06864F7-55BD-46C4-8269-0E8759CCC81B}
2015-01-20 14:08 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{DB2480CB-2EFB-42F6-8335-E4392EC42861}
2015-01-20 02:08 - 2015-01-20 02:08 - 00000000 ____D () C:\Users\michl\AppData\Local\{F50EBD7C-6D98-4C70-A381-59DE45BEDB7F}
2015-01-19 14:07 - 2015-01-19 14:07 - 00000000 ____D () C:\Users\michl\AppData\Local\{52ADD48E-C094-4E89-A3C0-6EFCF151B3DB}
2015-01-18 22:37 - 2015-01-18 22:38 - 00000000 ____D () C:\Users\michl\AppData\Local\{3E6A9985-7C11-4789-88E5-F7EA8C379E3A}
2015-01-17 02:58 - 2015-01-17 02:58 - 00000000 ____D () C:\Users\michl\AppData\Local\{EB2A09AA-271A-41E5-9688-7264EB638E9D}
2015-01-17 01:32 - 2015-01-17 01:32 - 01186995 _____ () C:\Users\michl\Downloads\retro-frames.zip
2015-01-16 14:17 - 2015-01-16 14:17 - 00000000 ____D () C:\Users\michl\AppData\Local\{461EA139-1C80-4D58-B8D4-FFA8133EFCE1}
2015-01-16 00:11 - 2015-01-16 00:11 - 00000000 ____D () C:\Users\michl\AppData\Local\{201EA74E-289A-4779-9EAC-42D25811D08A}
2015-01-15 12:10 - 2015-01-15 12:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{ADFA7D86-C977-4AE4-8006-5647BEE1DA90}
2015-01-15 00:09 - 2015-01-15 00:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{1251B94C-785E-4A8E-8EB0-8C20479E64AD}
2015-01-14 12:13 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:13 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:13 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:13 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:13 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:13 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:13 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:13 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:13 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:13 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:13 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:13 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:13 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:09 - 2015-01-14 12:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{70685963-37C2-4A4B-86DD-8F1B98812DA9}
2015-01-13 15:50 - 2015-01-13 15:50 - 00000000 ____D () C:\Users\michl\AppData\Local\{C73287A1-9827-4439-BEB9-3CABF49EEF1B}
2015-01-13 13:25 - 2015-01-13 13:25 - 00000356 _____ () C:\Users\michl\Desktop\Startpage Web Suchen.website
2015-01-13 13:25 - 2015-01-13 13:25 - 00000350 _____ () C:\Users\michl\Desktop\Qwant.website
2015-01-12 11:40 - 2015-01-12 11:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{DEF0A906-DCF2-4A93-A23D-D05AC41D3CA0}
2015-01-11 13:40 - 2015-01-11 13:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{C2D5863C-A276-4C58-B2F6-42BDF5221744}
2015-01-10 16:46 - 2015-01-10 16:46 - 00000000 ____D () C:\Users\michl\AppData\Local\{999CF59E-732B-4C10-B096-E1BAE4D2CDD9}
2015-01-09 16:23 - 2015-01-09 16:23 - 00000000 ____D () C:\Users\michl\AppData\Local\{18ACD4CE-745B-4574-B47A-4B3B9D97F592}
2015-01-08 11:16 - 2015-01-08 11:16 - 00000000 ____D () C:\Users\michl\AppData\Local\{3908BE42-B47E-4B78-A29E-F93481B528D8}
2015-01-07 12:27 - 2015-01-07 12:27 - 00000000 ____D () C:\Users\michl\AppData\Local\{D8317690-0E4B-4CB2-989A-7FE2762B6F41}
2015-01-06 14:35 - 2015-01-06 14:36 - 00000000 ____D () C:\Users\michl\AppData\Local\{43F1DC67-E07F-4DD1-B40C-4A46CFD25A1B}
2015-01-05 13:41 - 2015-01-05 13:41 - 00000000 ____D () C:\Users\michl\AppData\Local\{549E4629-4375-4B25-9F66-617A9F221D5A}
2015-01-04 13:28 - 2015-01-04 13:28 - 00000000 ____D () C:\Users\michl\AppData\Local\{920D33C0-A2BF-4C05-9999-278302552EA9}
2015-01-03 15:21 - 2015-01-03 15:21 - 00000000 ____D () C:\Neuer Ordner 1
2015-01-03 15:17 - 2015-01-03 15:17 - 00000000 ____D () C:\ProgramData\LAUNCHER
2015-01-03 15:11 - 2015-01-03 15:11 - 00000000 ____D () C:\ProgramData\RMBWIZARD
2015-01-03 15:09 - 2015-01-03 15:09 - 00002507 _____ () C:\Users\michl\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-01-03 15:09 - 2015-01-03 15:09 - 00002339 _____ () C:\Users\michl\Desktop\Paragon Recovery Media Builder™.lnk
2015-01-03 15:09 - 2015-01-03 15:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-01-03 15:09 - 2015-01-03 15:09 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-01-03 15:08 - 2015-01-03 15:08 - 00000000 ____D () C:\Program Files\Paragon Software
2015-01-03 15:06 - 2015-01-03 15:06 - 00000000 ____D () C:\ProgramData\explauncher
2015-01-03 13:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\michl\AppData\Roaming\zebNet
2015-01-03 13:28 - 2015-01-03 13:28 - 00001239 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zebNet® Backup for Live Mail Free Edition.lnk
2015-01-03 13:28 - 2015-01-03 13:28 - 00001227 _____ () C:\Users\Public\Desktop\zebNet® Backup for Live Mail Free Edition.lnk
2015-01-03 13:28 - 2015-01-03 13:28 - 00000000 ____D () C:\Program Files\zebNet
2015-01-03 13:27 - 2015-01-27 19:23 - 00000000 __SHD () C:\360Rec
2015-01-03 13:00 - 2015-01-03 13:01 - 00000000 ____D () C:\Users\michl\AppData\Local\{9CBA7F02-D074-45BA-81E2-6BFF11CA0AE0}
2015-01-02 19:31 - 2015-01-03 14:50 - 00000586 _____ () C:\Users\michl\Desktop\Paragon Backup & Recovery 2014 Free Edition - Download - COMPUTER BILD.website
2015-01-02 19:31 - 2015-01-03 14:47 - 00000754 _____ () C:\Users\michl\Desktop\Übersicht Die beste Backup-Freeware - NETZWELT.website
2015-01-02 19:30 - 2015-01-02 19:30 - 00000452 _____ () C:\Users\michl\Desktop\FreeFileSync Verzeichnisse synchronisieren - NETZWELT.website
2015-01-02 15:16 - 2015-01-02 15:16 - 00000000 ____D () C:\Users\michl\AppData\Local\{F4F21EF0-3F5E-4707-865D-FDB485F51FA0}
2015-01-01 16:55 - 2015-01-01 16:55 - 00000000 ____D () C:\Users\michl\AppData\Local\{1729C4BB-B0C7-4B34-B766-1DA6A21EF08B}
2014-12-31 16:03 - 2014-12-31 16:03 - 00000000 ____D () C:\Users\michl\AppData\Local\{B060A75E-C08D-4273-9D5B-17C8F61D67E5}
2014-12-30 23:47 - 2014-12-30 23:47 - 00000863 _____ () C:\Users\michl\Desktop\MediathekView - Download TV-Sender.lnk
2014-12-30 16:59 - 2014-12-30 16:59 - 00000000 ____D () C:\Users\michl\AppData\Local\{AFBB72BB-93DA-4B0A-924B-B2542CC79861}
2014-12-30 01:48 - 2014-12-30 01:48 - 00000000 ____D () C:\Users\michl\AppData\Local\{89D58324-68FF-448C-BACA-03B537E04DFC}
2014-12-29 10:50 - 2014-12-29 10:50 - 00000000 ____D () C:\Users\michl\AppData\Local\{B77BD829-0130-4039-966C-8AFB364B651A}
2014-12-28 13:09 - 2014-12-28 13:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{A0EAEFA9-A40F-499D-ABDA-73A7C26506E8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 21:14 - 2014-10-27 14:50 - 00000000 ____D () C:\FRST
2015-01-27 21:13 - 2013-03-14 11:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 21:12 - 2014-04-16 00:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 21:12 - 2013-02-04 02:04 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-01-27 21:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 20:26 - 2014-11-14 17:34 - 01780406 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 20:25 - 2012-01-18 13:44 - 00007672 _____ () C:\Users\michl\AppData\Local\resmon.resmoncfg
2015-01-27 19:51 - 2014-11-14 17:38 - 00000000 ____D () C:\Users\michl\AppData\Roaming\360safe
2015-01-27 19:42 - 2014-04-16 00:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 18:17 - 2013-06-25 07:14 - 00000863 _____ () C:\Users\michl\Desktop\Abendzeitung München.website
2015-01-27 17:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 17:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:58 - 2011-04-12 08:43 - 00717444 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 16:58 - 2011-04-12 08:43 - 00155004 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 16:58 - 2009-07-14 06:13 - 01656676 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:54 - 2012-01-18 15:55 - 00000000 ____D () C:\Users\michl\AppData\Roaming\vlc
2015-01-27 16:54 - 2012-01-18 14:33 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Winamp
2015-01-27 16:54 - 2012-01-03 02:52 - 00000000 ____D () C:\Users\michl
2015-01-27 16:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-27 16:53 - 2014-07-23 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 16:53 - 2014-07-23 12:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 16:53 - 2014-05-22 22:36 - 00000000 ____D () C:\ProgramData\Protexis64
2015-01-27 16:53 - 2013-02-04 02:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-27 16:53 - 2012-01-13 23:18 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-27 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-27 16:06 - 2013-10-17 22:30 - 14028800 _____ () C:\Users\michl\AppData\Roaming\Sandra.mdb
2015-01-27 15:25 - 2014-11-17 11:31 - 00000684 _____ () C:\Users\michl\Desktop\Anti-Botnet-Beratungszentrum Säubern.website
2015-01-27 15:08 - 2014-10-26 01:06 - 00000000 ___HD () C:\Users\michl\AppData\Roaming\1A828502
2015-01-27 09:50 - 2013-05-22 23:24 - 00000000 ____D () C:\Users\michl\Documents\Benutzerdefinierte Office-Vorlagen
2015-01-27 09:50 - 2013-02-04 14:31 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-27 00:37 - 2013-02-07 14:09 - 00000493 _____ () C:\Users\michl\Desktop\Wortschatz.website
2015-01-26 15:51 - 2012-01-16 17:19 - 00097004 _____ () C:\Users\michl\Desktop\offene2+++.txt
2015-01-26 14:18 - 2013-03-08 17:28 - 00000000 ____D () C:\Users\michl\AppData\Local\CrashDumps
2015-01-26 02:00 - 2014-11-14 17:38 - 00000000 ____D () C:\ProgramData\360SD
2015-01-26 01:06 - 2014-08-24 17:11 - 00000559 _____ () C:\Users\michl\Desktop\freisteller  clipping Magic 
2015-01-25 16:24 - 2013-02-04 15:11 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Media Player Classic
2015-01-25 16:23 - 2013-11-11 23:52 - 00000514 _____ () C:\Users\michl\Desktop\Zattoo -webTV.website
2015-01-23 16:15 - 2014-12-02 01:22 - 00000547 _____ () C:\Users\michl\Desktop\Polizeiruf Rostock - Bukow 02 (2010) - Aquarius (312) - YouTube.website
2015-01-21 16:10 - 2014-11-12 07:32 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2015-01-21 15:00 - 2013-02-04 18:15 - 00000186 _____ () C:\Users\michl\Desktop\Übersetzungen.url
2015-01-21 14:01 - 2009-07-14 05:45 - 07993328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 02:26 - 2013-02-14 01:18 - 00460440 _____ () C:\Windows\FontData.fdb
2015-01-21 02:26 - 2012-01-03 03:14 - 00835400 _____ () C:\Users\michl\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 01:36 - 2014-11-25 02:40 - 00000595 _____ () C:\Users\michl\Desktop\CorelDRAW X6 Praxis - Falzprospekt  Corel-Tutorials.de.website
2015-01-18 11:37 - 2014-02-15 10:43 - 00000000 ____D () C:\Users\michl\.mediathek3
2015-01-16 15:25 - 2012-01-18 14:12 - 00000000 ____D () C:\Users\michl\AppData\Roaming\FileZilla
2015-01-15 14:02 - 2009-07-14 03:34 - 00000448 _____ () C:\Windows\win.ini
2015-01-14 13:02 - 2013-07-24 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:00 - 2013-02-05 19:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 14:05 - 2014-07-23 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 15:07 - 2014-05-27 10:34 - 00000000 ____D () C:\Users\michl\AppData\Local\Downloaded Installations
2015-01-03 14:45 - 2014-12-16 18:25 - 00000677 _____ () C:\Users\michl\Desktop\SALE Reduzierte Produkte aus allen DaWanda-Kategorien - 212.093 einzigartige Produkte bei DaWanda online kaufen.website
2015-01-03 14:40 - 2014-10-08 20:58 - 00000941 _____ () C:\Users\michl\Desktop\Website des Jahres 2014.website
2015-01-03 14:40 - 2014-08-17 12:54 - 00000000 ____D () C:\Users\michl\Desktop\reise 2014
2015-01-03 13:28 - 2014-11-16 03:01 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-03 13:15 - 2014-11-20 13:08 - 00000966 _____ () C:\Users\michl\Desktop\Video Downloader Clipfish, Bild.de.website
2015-01-03 11:37 - 2014-04-23 15:18 - 00000000 ____D () C:\Users\michl\Downloads\musik down

==================== Files in the root of some directories =======

2013-04-21 16:41 - 2007-12-01 16:22 - 0315392 _____ () C:\Program Files (x86)\GMLMatting.8bf
2013-04-21 16:41 - 2013-04-21 16:41 - 0000053 _____ () C:\Program Files (x86)\GMLMatting.ini
2013-07-06 00:57 - 2013-07-07 23:26 - 0004509 _____ () C:\Users\michl\AppData\Roaming\CamStudio.cfg
2013-04-21 16:40 - 2014-12-22 01:54 - 0000270 _____ () C:\Users\michl\AppData\Roaming\FotoSketcher.ini
2013-10-17 22:30 - 2015-01-27 16:06 - 14028800 _____ () C:\Users\michl\AppData\Roaming\Sandra.mdb
2012-01-18 13:44 - 2015-01-27 20:25 - 0007672 _____ () C:\Users\michl\AppData\Local\resmon.resmoncfg
2012-01-13 23:06 - 2012-01-13 23:07 - 0000000 _____ () C:\Users\michl\AppData\Local\{3D1C37FE-3ED0-4FD6-B2AF-A2725ABC9B82}
2012-01-13 23:07 - 2012-01-13 23:07 - 0000000 _____ () C:\Users\michl\AppData\Local\{86518487-0454-4710-9F1D-1F507D40ED99}
2014-01-30 17:04 - 2014-01-30 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-30 13:59 - 2013-04-30 19:33 - 0000000 _____ () C:\ProgramData\as98213.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 16:41

==================== End Of Log ============================
         
--- --- ---


ADDITION
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by michl at 2015-01-27 21:14:48
Running from F:\fix schutz
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4902 - Qihu 360 Software Co., Ltd.)
4Free Video Converter 2 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis*True*Image*Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9769.15 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version:  - Leo Davidson / Pretentious Name)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apowersoft Free Screen Recorder V1.1.5 (HKLM-x32\...\{4EFA42DB-E4EC-4537-9DF3-5158D08A9785}_is1) (Version: 1.1.5 - Apowersoft)
ArcSoft Portrait+ 3 (HKLM-x32\...\{C42CE1B5-A119-4AF3-B0EB-4E739192B584}) (Version: 3.0.0.369 - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Auto FX Free (HKLM\...\{2F46CB46-5E2B-414D-882C-F8F51FF30C01}) (Version: 1.00.0000 - Auto FX Software)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
calibre 64bit (HKLM\...\{4B1D5077-539A-44BA-BDB8-A2A46B5EE038}) (Version: 0.9.24 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
CGS17_Setup_x64 (Version: 17.2 - Corel Corporation) Hidden
ChrisPC Free VideoTube Downloader 7.30 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version:  - Chris P.C. srl)
ClipGrab 3.2.0.10 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Corel Graphics - Windows Shell Extension (HKLM\...\_{78FFFA60-B301-4897-8054-D5D0CD5A6AE0}) (Version: 17.2.0.688 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.2.688 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.2.688 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.2 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.2.0.688 - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM-x32\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dual Package (HKLM-x32\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.8 - LG Soft India Pvt Ltd)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Filter Forge Freepack 1 - Metals 2.013 (HKLM-x32\...\Filter Forge Freepack 1 - Metals_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 3 - Frames 2.013 (HKLM-x32\...\Filter Forge Freepack 3 - Frames_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.013 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 5 - Hearts 2.013 (HKLM-x32\...\Filter Forge Freepack 5 - Hearts_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 6 - Patterns 2.013 (HKLM-x32\...\Filter Forge Freepack 6 - Patterns_is1) (Version:  - Filter Forge, Inc.)
FotoSketcher 2.42 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free Video Editor version 1.4.4.904 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.4.904 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GML Matting 0.3 (HKLM-x32\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HDR Darkroom 6 Windows Version v1.0.0 (HKLM-x32\...\HDR Darkroom 6) (Version: Windows Version v1.0.0 - HengTu, Inc.)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.7.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetObjects Fusion 11.0 (HKLM-x32\...\{A4D8369D-F5C6-403F-933C-53CA34062C2A}) (Version: 11 German - )
NetObjects Fusion 12.0 (HKLM-x32\...\{3A6E58D0-765B-4820-A01F-D7055B8CA9DA}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 7 (HKLM-x32\...\NetObjects Fusion 7) (Version:  - )
NexusFont 2.5 (ver 2.5.7.1562) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDF Editor 4 (HKLM-x32\...\PDF Editor 4) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Perfect Effects 4.0.1 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.1 - onOne Software)
Photomatix Pro version 4.2.6 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.6 - HDRsoft Ltd)
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TreeSize Free V2.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.5 - JAM Software)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version:  - optikVerve Labs)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinMorph™ 3.01 (HKLM-x32\...\WinMorph_is1) (Version:  - Satish Kumar)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-3 - BitNami)
zebNet® Backup for Live Mail Free Edition 1.0.1.0 (HKLM\...\{50AC790A-5392-4AAB-A5F7-03CD7F6D4D72}) (Version: 1.0.1.0 - zebNet® Ltd)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2836387523-2242442364-2255310912-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\p2pcollab.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-01-2015 16:10:31 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {011CB3C5-0EB5-4C2B-81F0-99DE317936CC} - System32\Tasks\{E7BA02F4-598F-4A34-B17F-94DA10B72D95} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {0A7DD206-1DCE-482D-AA7C-ADB8F0E1CAF6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {145E6EF3-5AF5-4F53-BC26-B2248E50B69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {1B1FC399-020B-4C6F-A642-5F27B996A69E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {23EAF774-EB76-4B6D-8261-3C29593A21F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {52173030-3E6D-4671-A024-37E9CB707A13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {5E9522E0-31C4-42D4-B1F6-DE43455C8642} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {76312683-E6BC-4760-8B56-F0CC3CB258BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {9249DFC4-E957-468E-85A7-3519398650D3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {970D6B3F-C05F-416D-A83E-523222E93C62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {A38AEFC2-308D-4779-8502-82F410CA3638} - System32\Tasks\{91AC36FA-D15E-4462-8744-DCDE953597B9} => pcalua.exe -a C:\Users\michl\AppData\Local\Temp\Temp1_AsusUpdt_V71304.zip\Setup.exe
Task: {B0A60F5B-3E37-4E8D-B432-655B907522A5} - System32\Tasks\{7E2F1987-2367-4F16-A282-446F302A63BB} => pcalua.exe -a "C:\Program Files\asus\Setup.exe" -d "C:\Program Files\asus"
Task: {B74FD4E3-934E-4319-A9C6-9D346C2D9574} - System32\Tasks\{8F5E8836-2361-4C26-8A43-DAFB4443B76D} => pcalua.exe -a "F:\downloads\downloads ab jan12\corel draw\CGSX4SP2.exe" -d "F:\downloads\downloads ab jan12\corel draw"
Task: {E681292B-3BC4-47B3-BAD6-26B243C6303C} - System32\Tasks\{E6AF3107-78B1-4731-B15D-A4299307ED7E} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:054B9966
AlternateDataStreams: C:\Users\michl\Documents\Herzkugel mit Ihrem Foto geschenkt zum Valentinstag.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48306945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60065519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48306945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60065519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sdbinst.lnk => C:\Windows\pss\sdbinst.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2836387523-2242442364-2255310912-500 - Administrator - Disabled)
Gast (S-1-5-21-2836387523-2242442364-2255310912-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2836387523-2242442364-2255310912-1002 - Limited - Enabled)
michl (S-1-5-21-2836387523-2242442364-2255310912-1000 - Administrator - Enabled) => C:\Users\michl

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 04:56:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=1100} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0x8004117f - Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (01/27/2015 09:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/27/2015 09:13:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/27/2015 09:13:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================
Error: (01/27/2015 04:56:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
1100

Error: (01/27/2015 04:55:00 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0x8004117f - Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f))


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 8%
Total physical RAM: 16360.76 MB
Available physical RAM: 15038.22 MB
Total Pagefile: 32721.52 MB
Available Pagefile: 31263.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:13.71 GB) NTFS
Drive d: (Bilder) (Fixed) (Total:465.88 GB) (Free:174.51 GB) NTFS
Drive f: (Geschäft) (Fixed) (Total:298.83 GB) (Free:19.87 GB) NTFS
Drive g: (sicherung) (Fixed) (Total:97.66 GB) (Free:17.42 GB) NTFS
Drive h: (Volume) (Fixed) (Total:69.14 GB) (Free:10.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 25836908)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B0400252)
Partition 1: (Active) - (Size=465.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=69.1 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

28.01.2015, 08:29   #7
schrauber
/// the machine
/// TB trainer

Please create a report with BlueScreenView:

Analyzing and fixing a Windows bluescreen crash - how to do it - Guides
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

28.01.2015, 12:51   #8
mayer

Hello,

attached is the BlueScreenView report, as requested.

First, the current anomalies:
+ high CPU activity without doing any work
+ Explorer.exe sometimes uses 2-4 GB! (Resource Monitor)
+ malware programs such as Malwarebytes etc. no longer start or cannot be reinstalled; other programs such as BlueScreenView can

Code:
==================================================
Dump File         : 012815-31309-01.dmp
Crash Time        : 28.01.2015 01:38:09
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a0`1a16d000
Parameter 2       : 00000000`00000000
Parameter 3       : fffff800`03ce85aa
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+76e80
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18700 (win7sp1_gdr.141211-1742)
Processor         : x64
Crash Address     : ntoskrnl.exe+76e80
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\012815-31309-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276.704
Dump File Time    : 28.01.2015 01:39:50
==================================================

==================================================
Dump File         : 012815-30435-01.dmp
Crash Time        : 28.01.2015 01:05:34
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff800`03cdcce3
Parameter 3       : fffff880`0b2a6f70
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+76e80
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18700 (win7sp1_gdr.141211-1742)
Processor         : x64
Crash Address     : ntoskrnl.exe+76e80
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\012815-30435-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276.704
Dump File Time    : 28.01.2015 01:07:11
==================================================
         
Thanks for taking a look

28.01.2015, 17:14   #9
schrauber
/// the machine
/// TB trainer

Please test the RAM with Memtest86+
__________________
Regards,
schrauber

