Zurück   Trojaner-Board > Malware entfernen > Antiviren-, Firewall- und andere Schutzprogramme

Antiviren-, Firewall- und andere Schutzprogramme: Pande FW blockiert obwohl Programm deinstalliert

Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 02.02.2015, 09:06   #1
Snoosel
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Hallo und guten Morgen,
habe heute etwas recht komisches erlebt.
Vor einigen Monaten wurde Panda installiert.
Da es mir und meinem Rechner nur Schwierigkeiten machte, ist es jetzt weg, ....dachte ich zumindest.
Beim Installieren von Phrasen Express bekam ich folgenden Hinweis.
"Sie verwenden auf Ihrem Rechner Panda Firewall, derartige Programme können...u.s.w.
Wie kann das sein?

Jetzt würde vieles einen Sinn machen.
Wir haben eine AufmaßApp auf dem Tablet, mal hat sie Kontakt zum Hauptrechner, mal nicht. Der Support sucht sich schwindelig nach Fehlern.
Schönen Gruß Ute

Alt 02.02.2015, 10:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Hi,

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 02.02.2015, 10:39   #3
Snoosel
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Ute (administrator) on FUGENTECHNIK on 02-02-2015 10:29:40
Running from C:\Users\Ute\Desktop
Loaded Profiles: Ute &  (Available profiles: Ute & admin & admin2 & Administrator & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVM Berlin) C:\Program Files (x86)\Common Files\AVM\De_serv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(blue:solution software GmbH) C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Advantage 11.10\Server\ads.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr4.x86.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Google Inc.) C:\Windows\Temp\40.0.2214.94_chrome_installer.exeb91e4fe
(Google Inc.) C:\Windows\Temp\CR_A0EA8.tmp\setup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bartels Media GmbH                                          ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe
() C:\Users\Ute\AppData\Local\Temp\is-K2DSP.tmp\PhraseExpressSetup.tmp
(Bartels Media GmbH                                          ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe
() C:\Users\Ute\AppData\Local\Temp\is-2B70N.tmp\PhraseExpressSetup.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(blue:solution software GmbH) C:\Program Files (x86)\blue solution\Handwerk 5\Handwerk.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk
ShortcutTarget: ISDNWatch.lnk -> C:\Program Files (x86)\FRITZ!\IWatch.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing.
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Cisco WebEx-Produktivitätswerkzeuge -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Cisco WebEx-Produktivitätswerkzeuge - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Tcpip\..\Interfaces\{AD715C07-FA95-41CD-8547-8CF7B99D600E}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default
FF DefaultSearchEngine: Google
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Ute\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://spiele.rtl.de/cms/index.html"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Profile 1

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advantage; C:\Program Files (x86)\Advantage 11.10\Server\ADS.EXE [3530752 2012-11-27] (iAnywhere Solutions, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [206128 2007-10-25] (AVM Berlin)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 TopDNS; C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe [2779648 2013-01-30] (blue:solution software GmbH) [File not signed]
R2 UltiDev Web Server Pro; C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [64512 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS HiPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [48128 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS LoPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [44032 2012-09-29] (UltiDev LLC) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-11-14] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVMCOWAN; C:\Windows\system32\DRIVERS\AVMCOWAN.sys [79872 2010-11-28] (AVM GmbH)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [62712 2014-03-21] (Cypress Semiconductor)
R3 FUS2BASE; C:\Windows\system32\DRIVERS\fus2base.sys [696832 2010-11-28] (AVM Berlin)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; \SystemRoot\system32\DRIVERS\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 10:29 - 2015-02-02 10:32 - 00029661 _____ () C:\Users\Ute\Desktop\FRST.txt
2015-02-02 10:28 - 2015-02-02 10:28 - 02131456 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe
2015-02-02 10:06 - 2015-02-02 10:06 - 00000000 ____D () C:\Users\Ute\Desktop\Programme
2015-02-02 09:30 - 2015-02-02 10:07 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AllDup
2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup
2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\ProgramData\AllDup
2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\Program Files (x86)\AllDup
2015-02-02 09:30 - 2010-10-13 06:42 - 02369456 _____ (Codejock Software) C:\WINDOWS\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-02-02 09:30 - 2010-08-20 21:53 - 00086016 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtSplitter.ocx
2015-02-02 09:30 - 2010-06-11 10:50 - 00089888 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtFrame.ocx
2015-02-02 09:30 - 2010-06-01 14:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\WINDOWS\SysWOW64\TList8.ocx
2015-02-02 09:30 - 2010-03-25 10:33 - 00171752 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtRTF2.ocx
2015-02-02 09:30 - 2009-10-13 00:02 - 00044736 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtSubclass.dll
2015-02-02 09:30 - 2009-10-13 00:01 - 00077504 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtScrollContainer.ocx
2015-02-02 09:30 - 2008-01-29 07:57 - 00450560 _____ (LogicNP Software (hxxp://www.ssware.com)) C:\WINDOWS\SysWOW64\fldrvw90.ocx
2015-02-02 08:37 - 2015-02-02 08:37 - 14129048 _____ (Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe
2015-02-01 18:24 - 2015-02-01 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-30 23:01 - 2015-02-02 09:09 - 00000000 ___RD () C:\Users\Ute\Dropbox
2015-01-29 13:10 - 2015-01-29 13:10 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-28 20:57 - 2015-01-28 20:57 - 02194432 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.109.exe
2015-01-25 18:22 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-25 18:22 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 08:02 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:02 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:02 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:02 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:02 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:02 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:02 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:02 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advantage Database Server 11.10
2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Advantage 11.10
2015-01-09 14:32 - 2015-01-09 14:32 - 00000000 ____D () C:\Program Files\UltiDev
2015-01-09 14:31 - 2015-01-09 14:31 - 00002218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\UltiDev Web App Explorer.lnk
2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltiDev
2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2015-01-09 14:30 - 2015-01-09 14:31 - 00026265 _____ () C:\WINDOWS\unins000.dat
2015-01-09 14:30 - 2015-01-09 14:30 - 01083233 _____ () C:\WINDOWS\unins000.exe
2015-01-09 14:04 - 2015-01-09 14:04 - 03999272 _____ (TeamViewer) C:\Users\Ute\Desktop\bss_support.exe
2015-01-07 16:43 - 2015-01-07 16:43 - 00000020 ___SH () C:\Users\DefaultAppPool.IIS APPPOOL\ntuser.ini
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Vorlagen
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Startmenü
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Netzwerkumgebung
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Lokale Einstellungen
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Eigene Dateien
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Druckumgebung
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Eigene Musik
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Eigene Bilder
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Verlauf
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Anwendungsdaten
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Anwendungsdaten
2015-01-07 16:43 - 2014-06-30 09:07 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help
2015-01-07 16:43 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-07 16:43 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-07 16:42 - 2015-01-07 16:43 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL
2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-07 16:42 - 2013-12-24 08:47 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Macromedia
2015-01-07 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-04 23:02 - 2015-01-04 23:02 - 00517413 _____ () C:\Users\Ute\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi
2015-01-04 22:47 - 2015-01-04 22:47 - 00321623 _____ () C:\Users\Ute\Downloads\sun_cult-1.3.20120620-fn+sm+fx+tb(1).xpi
2015-01-04 22:42 - 2015-01-04 22:42 - 00321623 _____ () C:\Users\Ute\Downloads\sun_cult-1.3.20120620-fn+sm+fx+tb.xpi
2015-01-04 18:04 - 2015-01-30 07:37 - 00000000 ____D () C:\Users\Ute\Desktop\Telekom   Kundencenter_files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 10:29 - 2014-09-07 17:19 - 00000000 ____D () C:\FRST
2015-02-02 10:26 - 2014-10-29 12:15 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 10:11 - 2014-10-10 11:05 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job
2015-02-02 10:09 - 2013-12-18 18:39 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\ClassicShell
2015-02-02 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-02 09:36 - 2014-04-07 08:14 - 01570510 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-02 09:36 - 2013-12-16 20:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278806244-3946690954-89611405-1001
2015-02-02 09:34 - 2014-10-26 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 09:09 - 2013-12-20 13:14 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Dropbox
2015-02-02 08:26 - 2014-10-29 12:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 08:24 - 2014-09-24 16:48 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7191AC2D-2327-4099-A4A5-525ACFAC0F38}
2015-02-01 20:29 - 2014-10-17 10:57 - 00000000 ____D () C:\WINDOWS\uninstall
2015-02-01 19:18 - 2013-12-24 10:15 - 07521792 ___SH () C:\Users\Ute\Desktop\Thumbs.db
2015-02-01 07:54 - 2014-07-05 22:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps
2015-01-31 20:25 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Stundenzettel
2015-01-31 14:38 - 2014-10-29 12:16 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 00:00 - 2013-12-18 13:50 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\PhotoScape
2015-01-30 23:28 - 2014-02-01 15:31 - 00027648 ____H () C:\Users\Ute\Desktop\photothumb.db
2015-01-30 23:28 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\BAM
2015-01-30 23:06 - 2013-12-20 13:15 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-30 23:01 - 2013-12-24 08:44 - 00000000 ____D () C:\Users\Ute
2015-01-30 22:02 - 2014-12-23 12:53 - 00000000 ____D () C:\AdwCleaner
2015-01-30 15:42 - 2014-03-25 18:38 - 00000000 ___RD () C:\Users\Ute\Desktop\Bendik
2015-01-30 07:42 - 2013-12-18 13:57 - 00000000 ____D () C:\Users\Ute\Documents\Dokumente
2015-01-30 07:31 - 2014-12-13 18:03 - 00000000 ____D () C:\Users\Ute\Desktop\Projekte-Angebote
2015-01-30 07:26 - 2013-11-14 08:27 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 07:26 - 2013-11-14 08:11 - 00799978 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-30 07:26 - 2013-11-14 08:11 - 00168714 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-29 19:42 - 2014-04-30 07:16 - 00013180 _____ () C:\WINDOWS\setupact.log
2015-01-29 13:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-29 09:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-29 08:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 21:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-28 21:14 - 2014-09-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 19:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-28 12:39 - 2014-06-23 11:52 - 00193623 _____ () C:\ads_err.adt
2015-01-28 12:39 - 2014-06-23 11:52 - 00012844 _____ () C:\ads_err.adm
2015-01-28 12:39 - 2014-06-23 11:52 - 00006144 _____ () C:\ads_err.adi
2015-01-27 17:53 - 2013-12-16 18:35 - 00000000 ____D () C:\Users\Ute\AppData\Local\FRITZ!
2015-01-26 15:51 - 2014-10-10 11:05 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001
2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 20:53 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Verbrauchskalkulator
2015-01-22 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-18 14:12 - 2013-12-17 03:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-18 14:09 - 2013-12-17 03:17 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-15 21:07 - 2013-12-16 17:42 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore
2015-01-15 18:13 - 2014-01-09 18:01 - 00000000 ____D () C:\ProgramData\WebEx
2015-01-15 08:29 - 2014-04-10 07:11 - 00935100 _____ () C:\WINDOWS\PFRO.log
2015-01-15 08:29 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 23:34 - 2014-02-04 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-09 14:44 - 2014-06-23 11:48 - 00000000 ____D () C:\ADVANTAGE
2015-01-09 14:33 - 2014-12-02 14:19 - 00001024 _____ () C:\.rnd
2015-01-08 21:09 - 2014-01-09 18:02 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\webex
2015-01-05 18:57 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-05 18:54 - 2013-12-20 14:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2013-12-18 14:03 - 2013-12-18 14:13 - 0000600 _____ () C:\Users\Ute\AppData\Roaming\winscp.rnd
2013-12-18 13:53 - 2013-12-18 13:56 - 0000600 _____ () C:\Users\Ute\AppData\Local\PUTTY.RND
2013-10-18 11:03 - 2013-10-18 11:03 - 0000198 ____H () C:\ProgramData\Lenovo-25838.vbs

Files to move or delete:
====================
C:\ProgramData\Lenovo-25838.vbs


Some content of TEMP:
====================
C:\Users\Ute\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzvn6m.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 06:51

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Ute at 2015-02-02 10:34:14
Running from C:\Users\Ute\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0001 - Sybase, Inc.)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Assessments on Client (x32 Version: 8.59.25584 - Microsoft) Hidden
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version:  - )
BUHL-Lizenzmanagement-Software (x32 Version: 1.01.0000 - Buhl Data Service GmbH) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cisco WebEx-Produktivitätswerkzeuge (HKLM-x32\...\{EC4A8038-085D-4FB7-BF70-338296E33FE5}) (Version: 11.1.30800 - Cisco WebEx LLC)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
IIS 7.5 Express (HKLM-x32\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snagit 11 (HKLM-x32\...\{A7E2223E-4AE4-45C8-9B6C-1C893EDF11BD}) (Version: 11.4.0 - TechSmith Corporation)
Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) Hidden
TopApps Service (HKLM-x32\...\{B2BB7D05-F646-41C7-9CE4-CE77469C0899}_is1) (Version: 2.5.1 - )
TopKontor Handwerk Version 5 (HKLM-x32\...\{640A92A1-9B8B-4C80-B412-9595460EBC53}_is1) (Version: 5 - )
UltiDev Web Server Pro (x32 Version: 2.0.18 - UltiDev LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User State Migration Tool (x32 Version: 8.59.25584 - Microsoft) Hidden
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-01-2015 18:59:36 Windows Update
23-01-2015 08:59:16 Windows Update
28-01-2015 07:15:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10C464AB-F818-496E-9743-F105C3A2E2C0} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {28CD7355-CB57-4CC9-BDA7-6351E804957A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2EC50909-A5B8-4061-900F-7FBAF516F26A} - System32\Tasks\Lenovo\Lenovo-25838 => C:\ProgramData\Lenovo-25838.vbs [2013-10-18] ()
Task: {3864244B-592B-4F61-8F7E-F61734C03B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4927924C-A5E3-47FF-B9E9-B80557B576DE} - System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197} => pcalua.exe -a "C:\Users\Ute\AppData\Roaming\1H1Q1V1N1N1O1R\PDF Creator Packages\uninstaller.exe" -c /Uninstall /NM="PDF Creator Packages" /AN="1H1Q1V1N1N1O1R" /MBN="PDF Creator Packages"
Task: {51A427BB-2B0C-4F4B-B3BE-A9A2FAD1E4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {57799BD6-455E-4C11-B681-1B5A10F1C796} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {76F82560-6DA7-4132-8EEA-034B4CEF1C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7A0A46B6-48C9-4E98-B0E1-58A92FC05B98} - System32\Tasks\{C0A3453F-F59B-41F6-AF5C-A7BF3415AF66} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {7E83B592-067F-4486-9D07-E9250B9FCC71} - System32\Tasks\{8DC9A3B1-9955-4D2E-8E23-E1AD9817AA96} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {8D39BC23-CB47-408E-BE53-D89D35E46A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {97F77BDD-D8DB-4943-BA5F-5338F7E8A21E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-20 13:57 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-12-20 13:57 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-10-18 10:59 - 2011-08-16 19:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-10-18 11:15 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-01-09 14:35 - 2015-01-09 14:35 - 00010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_a0d7vllk.dll
2015-01-09 14:35 - 2015-01-09 14:35 - 00049152 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_r9q6hagu.dll
2014-01-25 02:22 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-01-31 15:13 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-02 08:37 - 2015-02-02 08:37 - 00793088 _____ () C:\Users\Ute\AppData\Local\Temp\is-K2DSP.tmp\PhraseExpressSetup.tmp
2015-02-02 08:37 - 2015-02-02 08:37 - 00793088 _____ () C:\Users\Ute\AppData\Local\Temp\is-2B70N.tmp\PhraseExpressSetup.tmp
2015-01-30 14:34 - 2013-11-26 10:52 - 02698240 _____ () C:\ProgramData\blue solution\Handwerk 5\ServiceProcs069DBDC7.aep
2013-12-16 19:57 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 21:20 - 2015-01-14 23:34 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-04 21:20 - 2015-01-14 23:34 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-04 21:20 - 2015-01-14 23:34 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-31 14:37 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 14:37 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 14:37 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-02 08:37 - 2015-02-02 08:37 - 00013312 _____ () C:\Users\Ute\AppData\Local\Temp\is-U8BFN.tmp\_isetup\_isdecmp.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-02 09:09 - 2015-02-02 09:09 - 00043008 _____ () c:\users\ute\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzvn6m.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ute\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Gutschein für druckerzubehoer.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Jochen Schweizer Beleg.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\[Ticket#10297215] Ihre Buchung bei Jochen Schweizer Erlebnisse.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ISDNWatch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "VR-NetWorld Auftragsprüfung.lnk"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "PTOneClick"

========================= Accounts: ==========================

admin (S-1-5-21-4278806244-3946690954-89611405-1005 - Administrator - Enabled) => C:\Users\admin
admin2 (S-1-5-21-4278806244-3946690954-89611405-1006 - Limited - Enabled) => C:\Users\admin2
Administrator (S-1-5-21-4278806244-3946690954-89611405-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4278806244-3946690954-89611405-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4278806244-3946690954-89611405-1004 - Limited - Enabled)
Ute (S-1-5-21-4278806244-3946690954-89611405-1001 - Administrator - Enabled) => C:\Users\Ute

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 10:08:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1234

Startzeit: 01d03eb8d0528f9b

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: dc484586-aaba-11e4-bf23-7427eae5d5e4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/02/2015 09:09:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (02/01/2015 07:21:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PhotoStory3.exe, Version 3.0.1115.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c94

Startzeit: 01d03e4b130d61c2

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Photo Story 3 for Windows\PhotoStory3.exe

Berichts-ID: 008922a7-aa3f-11e4-bf23-7427eae5d5e4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/01/2015 06:24:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (02/01/2015 06:24:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (02/01/2015 06:24:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (02/01/2015 06:24:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (02/01/2015 06:24:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (02/01/2015 07:54:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x64928b76
ID des fehlerhaften Prozesses: 0x2c8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (01/31/2015 08:50:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1a84
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5


System errors:
=============
Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 10:07:42 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 10:07:12 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/01/2015 11:55:59 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 11:55:29 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/01/2015 09:24:00 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 09:23:30 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-02 08:56:07.806
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 08:56:07.697
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 08:56:07.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 08:56:04.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 08:56:04.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 08:56:03.024
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-01 22:22:12.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-01 22:22:12.131
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-01 22:22:11.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-01 22:22:11.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 4010.35 MB
Available physical RAM: 1332.11 MB
Total Pagefile: 5444.11 MB
Available Pagefile: 1709.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.16 GB) (Free:366.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A5C61E19)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 02.02.2015, 11:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Von Panda ist da nix mehr. Poste mal einen Screenshot von der Meldung.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.02.2015, 11:53   #5
Snoosel
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Code:
ATTFilter
https://www.dropbox.com/sh/zs6g3939wwcmd33/AABESJ8fF_MMMSTCUne0yqjfa?dl=0
         
https://www.dropbox.com/sh/zs6g3939wwcmd33/AABESJ8fF_MMMSTCUne0yqjfa?dl=0


Alt 02.02.2015, 12:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Das ist keine Fehlermeldung sondern nur ein Hinweis. Und das ist auch irrelevant weil Panda nicht mehr aktiv bzw garnicht mehr installiert ist. Vermutlich sieht die Software noch irgendwelche übriggebliebenden Registyeinträge von Panda, die warum auch immer nicht gelöscht wurden.

Wo ist da jetzt das Problem?
__________________
--> Pande FW blockiert obwohl Programm deinstalliert

Alt 02.02.2015, 12:42   #7
Snoosel
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Kein Problem, ich dachte es gäbe eins.

Danke, überwiesen wird die Spende heute noch.
Gruß Ute

Alt 02.02.2015, 13:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



ok...

Zitat:
Wir haben eine AufmaßApp auf dem Tablet, mal hat sie Kontakt zum Hauptrechner, mal nicht. Der Support sucht sich schwindelig nach Fehlern.
Was meinste denn damit, in welchem Zusammenhang steht das?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.02.2015, 15:09   #9
Kronos60
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Soviel ich weiß gibt es die Panda-Firewall in der Free-Version gar nicht.
Aber ich habe hier einen Panda-Uninstaller gefunden jage den einmal drüber vielleicht sind dann alle Reste weg:
http://www.netzwelt.de/download/13484-panda-uninstaller.html

Alt 02.02.2015, 17:55   #10
Snoosel
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert




jetzt klappts. Nichts wird mehr angezeigt und der Download startet.
Tschüß Cosino

Ups,
nix Cosino.
Danke Kronos60

Alt 02.02.2015, 21:47   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



stimmt, nix cosino, denn ich heiße cosinus

Schön, dass der Uninstaller geholfen hat, aber unschön ist es, wenn die eigene Uninstallroutine nicht weiß, was sie alles löschen muss
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.02.2015, 22:43   #12
Snoosel
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Tja, die Datei hat eben nur das Wissen, mit dem sie programmiert wird.

Und keine Ahnung warum ich immer so´n Sch... habe. Vielleicht weils gut ist immer alles zu wissen? Bin ja schon Stammkunde hier.
Vielleicht meint das Schicksal ich soll hier ne Ausbildung machen,

So dann mal gurts Nächtle.
Tschüssie
Ute

Alt 02.02.2015, 22:54   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Pande FW blockiert obwohl Programm deinstalliert - Standard

Pande FW blockiert obwohl Programm deinstalliert



Nö, du kannst da nix für...das Problem liegt z.T. auch an Windows...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Pande FW blockiert obwohl Programm deinstalliert
blockiert, deinstalliert, express, fehler, firewall, folge, folgende, folgenden, guten, heute, installieren, komisches, kontakt, monate, morgen, panda, pandafirewall, programm, programme, rechner, recht, sucht, support, tablet, verwenden, vieles, würde



Ähnliche Themen: Pande FW blockiert obwohl Programm deinstalliert


  1. Kriege ein Programm nicht deinstalliert
    Alles rund um Windows - 01.09.2015 (3)
  2. Avira : unerwünschtes Programm `TR/ATRAPS.Gen` wurde Blockiert
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (14)
  3. Programm durch Gruppenrichtlinien blockiert
    Plagegeister aller Art und deren Bekämpfung - 10.12.2014 (23)
  4. Radio Canyon in der Symbolleiste obwohl deinstalliert
    Plagegeister aller Art und deren Bekämpfung - 07.11.2014 (23)
  5. Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 25.09.2014 (7)
  6. AVG - Programm wurde durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 05.09.2014 (7)
  7. Malwarebytes blockiert ein benötigtes Programm
    Antiviren-, Firewall- und andere Schutzprogramme - 02.09.2014 (12)
  8. Dieses Programm wurde durch Gruppenrechtlinien blockiert.....
    Plagegeister aller Art und deren Bekämpfung - 26.08.2014 (5)
  9. Irgendwas blockiert ein einzelnes Programm
    Antiviren-, Firewall- und andere Schutzprogramme - 16.05.2013 (6)
  10. Google, FB startet nicht, Delta Search vor einer Woche bereits deinstalliert, ungewollte Werbeeinblendungen ebenfalls bereits deinstalliert
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (7)
  11. Firewall blockiert Programm obwohl es Netzwerkzugang hat
    Log-Analyse und Auswertung - 17.10.2012 (20)
  12. Screen durch unbekanntes Programm blockiert; Taskmgr und Regedit blockiert.
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (14)
  13. Screen durch unbekanntes Programm blockiert; Taskmgr und Regedit blockiert.
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (2)
  14. Ominöses Programm blockiert Rettungsversuche
    Plagegeister aller Art und deren Bekämpfung - 01.11.2011 (9)
  15. Es läuft Musik obwohl kein Programm geöffnet ist und Internet explorer öffnet sich von selbst
    Log-Analyse und Auswertung - 16.02.2011 (21)
  16. PANDA deinstalliert, keine Namensauflösung mehr... Port blockiert?
    Antiviren-, Firewall- und andere Schutzprogramme - 15.10.2007 (7)
  17. Internetverbindung blockiert, obwohl Router online
    Plagegeister aller Art und deren Bekämpfung - 02.01.2006 (2)

Zum Thema Pande FW blockiert obwohl Programm deinstalliert - Hallo und guten Morgen, habe heute etwas recht komisches erlebt. Vor einigen Monaten wurde Panda installiert. Da es mir und meinem Rechner nur Schwierigkeiten machte, ist es jetzt weg, ....dachte - Pande FW blockiert obwohl Programm deinstalliert...
Archiv
Du betrachtest: Pande FW blockiert obwohl Programm deinstalliert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.