Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ich habe Probleme mit right coupon und anderem!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.04.2015, 12:41   #1
ChrisGi
 
Ich habe Probleme mit right coupon und anderem! - Standard

Ich habe Probleme mit right coupon und anderem!



Hallo,
und zwar habe ich wie im Header angegeben, dass ich mit right coupon Probleme habe!
Ich hab versucht es unter Programme deinstallieren ging leider nicht!
Auch im internet hab ich dazu nichts wirkungsvolles gefunden!

Desweiteren hab ich Probleme mit "hyperlinks" ->browser hijacker?
Sind meist grün oder blau doppelt unterstrichene wörter die verlinkt sind!
Ist auch ziehmlich nervig...
Hierbei hatte ich auch schon etliche male versucht das zu beheben aber ohne erfolg!

Bitte um Hilfe,
bin im Moment so verzweifelt, dass ich am liebsten den PC neu aufsetzen würde!
(das ich aber zu vermeiden versuche)

Hier der Auszug aus der FRST.txt!
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Christian (administrator) on CHRIS on 12-04-2015 13:48:05
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian &  (Available profiles: Christian)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Bohemia Interactive) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [883104 2012-05-11] (Wyse Technology Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9797416 2015-02-25] (Visicom Media Inc.)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9797416 2015-02-25] (Visicom Media Inc.)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9797416 2015-02-25] (Visicom Media Inc.)
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-15] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default\Extensions\abs@avira.com [2015-04-01]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default\Extensions\veggy@veggyAddon.com [2015-03-25]
FF Extension: Zoom It - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default\Extensions\{f442ece9-44e7-fe7e-383d-3ae2886516d9} [2015-04-11]
FF Extension: {636b874f-1c90-4a1a-b273-f9bd8d20edac} - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default\Extensions\{636b874f-1c90-4a1a-b273-f9bd8d20edac}.xpi [2015-02-14]
FF Extension: Video DownloadHelper - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-30]
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\c7l5xvuu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-26]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-15] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-02-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-11] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [177056 2012-05-11] () [File not signed]
S2 4ef60154; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [40136 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                           )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 13:14 - 2015-04-12 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse
2015-04-12 13:14 - 2015-04-12 13:14 - 00000000 ____D () C:\Program Files (x86)\Wyse
2015-04-12 12:42 - 2015-04-12 12:42 - 21178512 _____ (Wyse Technology) C:\Users\Christian\Downloads\PocketCloud Windows Companion_v2.4.19.exe
2015-04-12 12:42 - 2015-04-12 12:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Downloaded Installations
2015-04-12 12:30 - 2015-04-12 12:30 - 00000000 ____D () C:\Users\Christian\AppData\Local\PocketCloudDesktopApp
2015-04-12 12:26 - 2015-04-12 12:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\icons
2015-04-11 23:33 - 2015-04-11 23:33 - 00083150 _____ () C:\Users\Christian\Downloads\b19MGEx2.htm
2015-04-08 10:42 - 2015-04-08 10:42 - 00000000 ____D () C:\ProgramData\TightVNC
2015-04-08 10:42 - 2015-04-08 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2015-04-08 10:42 - 2015-04-08 10:42 - 00000000 ____D () C:\Program Files\TightVNC
2015-04-08 10:41 - 2015-04-08 10:41 - 02367488 _____ () C:\Users\Christian\Downloads\tightvnc-2.7.10-setup-64bit.msi
2015-04-08 10:39 - 2015-04-08 10:46 - 00000000 ____D () C:\Program Files\RealVNC
2015-04-08 10:39 - 2015-04-08 10:45 - 00000000 ____D () C:\Users\Christian\AppData\Local\RealVNC
2015-04-08 10:39 - 2015-04-08 10:39 - 12702888 _____ (RealVNC Ltd ) C:\Users\Christian\Downloads\VNC-5.2.3-Windows.exe
2015-04-08 10:39 - 2015-04-08 10:39 - 00000000 ____D () C:\ProgramData\RealVNC-Service
2015-04-06 17:40 - 2015-04-06 17:48 - 1652134629 _____ (Igor Pavlov) C:\Users\Christian\Downloads\RLP.exe
2015-04-06 17:33 - 2015-04-06 17:33 - 00000000 _____ () C:\autoexec.bat
2015-04-06 17:32 - 2015-04-06 17:49 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-06 17:32 - 2015-04-06 17:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-06 17:30 - 2015-04-06 17:31 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Christian\Downloads\SpyHunter-installer.exe
2015-04-06 13:11 - 2015-04-06 13:11 - 00000000 ____D () C:\Users\Christian\Desktop\Bandicam
2015-04-05 21:45 - 2015-04-05 21:46 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 21:45 - 2015-04-05 21:45 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-01 22:29 - 2015-04-01 22:29 - 00001265 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-01 22:29 - 2015-04-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-01 22:28 - 2015-04-01 22:29 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-01 22:28 - 2015-04-01 22:28 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-04-01 22:27 - 2015-04-01 22:29 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DVDVideoSoft
2015-04-01 22:27 - 2015-04-01 22:27 - 64578440 _____ (DVDVideoSoft Ltd. ) C:\Users\Christian\Downloads\FreeStudio.exe
2015-03-30 23:00 - 2015-03-30 23:00 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-30 22:59 - 2015-03-30 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-03-30 22:59 - 2015-03-30 22:59 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2015-03-30 22:58 - 2015-03-30 22:59 - 00000000 ____D () C:\Users\Christian\Documents\SelfMV
2015-03-30 22:58 - 2015-03-30 22:58 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-03-30 22:57 - 2015-03-30 23:00 - 00000000 ____D () C:\Users\Christian\Documents\samsung
2015-03-30 22:57 - 2015-03-30 22:58 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Samsung
2015-03-30 22:57 - 2015-03-30 22:57 - 42543488 _____ (Samsung Electronics Co., Ltd.) C:\Users\Christian\Downloads\Kies3Setup.exe
2015-03-30 22:57 - 2015-03-30 22:57 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-03-30 22:57 - 2015-03-30 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-03-30 22:57 - 2015-03-30 22:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-30 22:57 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-03-30 22:34 - 2015-03-30 22:34 - 00000000 ____D () C:\Users\Christian\dwhelper
2015-03-30 21:14 - 2015-03-30 21:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-28 13:30 - 2015-03-28 13:30 - 00002081 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-03-28 13:26 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-28 13:24 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-28 13:24 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-28 13:24 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00101576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-03-28 13:24 - 2015-03-13 21:41 - 00040136 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-03-28 13:24 - 2015-03-13 21:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-28 13:21 - 2015-04-03 12:23 - 00001401 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 13:21 - 2015-03-28 13:21 - 34603752 _____ (NVIDIA Corporation) C:\Users\Christian\Downloads\GeForce_Experience_v2.2.2.0.exe
2015-03-28 13:21 - 2015-03-28 13:21 - 00000000 ____D () C:\Users\Christian\AppData\Local\NVIDIA Corporation
2015-03-28 13:21 - 2015-03-28 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-28 13:21 - 2015-03-28 05:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 13:21 - 2015-03-28 05:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 13:21 - 2015-03-28 05:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 13:21 - 2015-03-28 05:43 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-28 13:21 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-03-28 13:21 - 2014-11-22 12:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-03-28 13:21 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-03-28 13:15 - 2015-04-11 15:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Arma 3 Launcher
2015-03-28 13:15 - 2015-03-28 13:15 - 00000000 ____D () C:\Users\Christian\AppData\Local\Bohemia_Interactive
2015-03-27 16:41 - 2015-03-27 16:48 - 00001661 _____ () C:\Users\Christian\Desktop\Neues Textdokument.txt
2015-03-26 18:40 - 2015-03-26 18:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 18:20 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 18:20 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 18:20 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 18:20 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 18:20 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 18:20 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 18:20 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-22 19:34 - 2015-03-22 19:34 - 00024277 _____ () C:\Users\Christian\Downloads\Addition.txt
2015-03-22 19:32 - 2015-04-12 13:48 - 00022020 _____ () C:\Users\Christian\Downloads\FRST.txt
2015-03-22 19:32 - 2015-04-12 13:48 - 00000000 ____D () C:\FRST
2015-03-22 19:32 - 2015-03-22 19:32 - 02095616 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-03-15 21:15 - 2015-03-15 21:18 - 00000000 ____D () C:\AdwCleaner
2015-03-15 21:15 - 2015-03-15 21:15 - 02171392 _____ () C:\Users\Christian\Downloads\adwcleaner_4.112.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 13:47 - 2015-03-07 14:41 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Nitro PDF
2015-04-12 13:18 - 2015-02-11 12:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3726084679-4115828952-4147541340-1001
2015-04-12 13:11 - 2015-02-14 03:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-12 12:49 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-12 12:36 - 2014-10-21 10:07 - 01453160 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 12:26 - 2015-02-11 16:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-12 11:52 - 2015-02-11 19:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 11:17 - 2015-02-11 12:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2F682299-1898-488B-AFA2-81C0F099C3E7}
2015-04-12 11:15 - 2015-02-12 17:43 - 00000000 ____D () C:\Users\Christian\AppData\Local\Arma 3
2015-04-12 11:14 - 2014-09-30 00:52 - 00000450 _____ () C:\Windows\Tasks\simplitec Service Provider.job
2015-04-09 20:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-08 10:47 - 2015-02-24 12:53 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Skype
2015-04-07 21:26 - 2015-02-11 12:19 - 00000000 ____D () C:\Users\Christian
2015-04-07 19:59 - 2015-02-14 03:06 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Avira
2015-04-07 19:59 - 2015-02-14 03:05 - 00002026 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-04-07 19:59 - 2015-02-14 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-07 19:59 - 2015-02-14 03:04 - 00000000 ____D () C:\ProgramData\Avira
2015-04-07 19:59 - 2014-04-28 13:38 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-04-07 19:59 - 2014-04-28 13:38 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-04-07 19:59 - 2014-03-18 17:26 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 19:53 - 2014-09-29 22:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-07 19:53 - 2013-08-22 16:46 - 00115425 _____ () C:\Windows\setupact.log
2015-04-07 19:53 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 19:52 - 2014-03-18 10:16 - 00520102 _____ () C:\Windows\PFRO.log
2015-04-07 19:52 - 2013-08-22 17:43 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-06 21:39 - 2015-02-18 16:01 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\TS3Client
2015-03-30 22:57 - 2014-04-25 09:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-28 13:26 - 2014-09-29 22:15 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-28 13:26 - 2014-09-29 22:15 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-28 13:25 - 2014-09-29 22:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-28 13:21 - 2015-02-11 12:20 - 00000000 ____D () C:\Users\Christian\AppData\Local\NVIDIA
2015-03-28 13:18 - 2015-02-11 13:52 - 00000000 ____D () C:\ProgramData\Origin
2015-03-28 13:17 - 2015-02-11 13:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-28 13:10 - 2015-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-28 13:10 - 2014-04-29 12:58 - 00000000 ____D () C:\Windows\sv
2015-03-28 13:08 - 2015-02-11 20:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-28 13:08 - 2015-02-11 20:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 18:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-21 14:25 - 2015-02-14 05:02 - 00001408 _____ () C:\Users\Christian\AppData\Roaming\BreakingPoint_Options.ini
2015-03-21 13:59 - 2015-02-14 05:01 - 00000302 _____ () C:\Users\Christian\AppData\Roaming\BreakingPoint_Login.ini
2015-03-17 19:20 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-03-13 21:41 - 2014-09-29 22:15 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 21:41 - 2014-09-29 22:15 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 18:16 - 2014-09-29 22:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 18:16 - 2014-09-29 22:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16 - 2014-09-29 22:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16 - 2014-09-29 22:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16 - 2014-09-29 22:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 18:16 - 2014-09-29 22:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories =======

2015-02-14 05:01 - 2015-03-21 13:59 - 0000302 _____ () C:\Users\Christian\AppData\Roaming\BreakingPoint_Login.ini
2015-02-14 05:02 - 2015-03-21 14:25 - 0001408 _____ () C:\Users\Christian\AppData\Roaming\BreakingPoint_Options.ini
2015-02-12 16:49 - 2015-02-12 16:49 - 0000046 _____ () C:\Users\Christian\AppData\Roaming\WB.CFG
2014-09-29 22:17 - 2014-09-29 22:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-30 00:43 - 2014-09-30 00:44 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-30 00:28 - 2014-09-30 00:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-30 00:43 - 2014-09-30 00:43 - 0000032 _____ () C:\ProgramData\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}.log
2014-09-30 00:42 - 2014-09-30 00:42 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-30 00:26 - 2014-09-30 00:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-09-30 00:42 - 2014-09-30 00:42 - 0000032 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
2014-09-30 00:27 - 2014-09-30 00:28 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-09-30 00:29 - 2014-09-30 00:29 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\7748F927-9B3B-1CB6-CF6B-C62F6F1F287F.dll
C:\Users\Christian\AppData\Local\Temp\7748F927-9B3B-1CB6-CF6B-C62F6F1F287F.exe
C:\Users\Christian\AppData\Local\Temp\AppLauncher.exe
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\bdfilters.dll
C:\Users\Christian\AppData\Local\Temp\D60CD6E2-FE24-B932-D475-E69D71B0BD3F.exe
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\SHSetup.exe
C:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christian\AppData\Local\Temp\sonarinst.exe
C:\Users\Christian\AppData\Local\Temp\SpOrder.dll
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll
C:\Users\Christian\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 18:40

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition.txt
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Christian at 2015-04-12 14:26:16
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.3.757 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4430.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.4430.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2230.0 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.3019 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.3019 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
ManyCam 4.1.1 (HKLM-x32\...\ManyCam) (Version: 4.1.1 - Visicom Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MyFreeCodec) (Version: - )
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
PocketCloud Windows Companion (HKLM-x32\...\{8C8C169B-D493-42C7-A975-7C1E0E4C5847}) (Version: 2.5.13 - Wyse Technology)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
simplifast (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 1.5.3.6 - simplitec GmbH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

25-03-2015 18:49:16 Windows Update
30-03-2015 21:12:03 Windows Update
05-04-2015 21:45:03 Windows Update
08-04-2015 10:41:27 Installed TightVNC
12-04-2015 12:25:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {284A82A0-D987-48D9-8425-55864CE7BAD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {4035D727-9479-413A-BEFD-A5163E847261} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {7379F56C-8CBC-42B9-ABCB-599081A5B8BF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {843B28ED-2FF1-454A-A850-BD80F684739A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9F41FF75-44A8-46AE-9AA2-71F451322097} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {A86B678E-FDD0-462B-8C12-25149C559760} - System32\Tasks\simplitec Service Provider => C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
Task: {C0F8A9F4-1F1C-4B1A-803E-9C1A14E641E9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D4E70877-0959-4E94-B8C2-57D5B72F258C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {D59C0E97-710C-4611-979D-D0A6876F56BA} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2014-05-27] (CyberLink Corp.)
Task: {FDA49FBD-BCDC-4761-A5D9-F4A3DA281E42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\simplitec Service Provider.job => C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-30 00:51 - 2012-07-30 11:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-15 19:39 - 2014-05-15 19:39 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-02-11 16:47 - 2015-02-11 16:47 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-30 00:42 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-29 22:16 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-28 13:21 - 2015-03-28 05:45 - 00721552 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-03-28 13:21 - 2015-03-28 05:45 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2012-11-05 15:01 - 2012-11-05 15:01 - 00191488 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-11-05 15:04 - 2012-11-05 15:04 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-11-05 15:04 - 2012-11-05 15:04 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2012-11-05 15:04 - 2012-11-05 15:04 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2014-09-27 02:01 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-03 12:23 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-02-11 19:07 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-11 19:07 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-11 19:07 - 2015-04-09 20:38 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-11 19:07 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-11 19:07 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-11 19:07 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-11 19:07 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-11 19:07 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-11 19:07 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-11 19:07 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-11 19:07 - 2015-04-09 20:38 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-30 00:29 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-11 19:07 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3726084679-4115828952-4147541340-1001\...\StartupApproved\StartupFolder: => "ARMA.3.Crack.Only-RELOADED.lnk"
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "ARMA.3.Crack.Only-RELOADED.lnk"
HKU\S-1-5-21-3726084679-4115828952-4147541340-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "ARMA.3.Crack.Only-RELOADED.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-3726084679-4115828952-4147541340-500 - Administrator - Disabled)
Christian (S-1-5-21-3726084679-4115828952-4147541340-1001 - Administrator - Enabled) => C:\Users\Christian
Gast (S-1-5-21-3726084679-4115828952-4147541340-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3726084679-4115828952-4147541340-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 00:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PocketCloudService.exe, Version: 2.7.18.0, Zeitstempel: 0x52810076
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x360
Startzeit der fehlerhaften Anwendung: 0xPocketCloudService.exe0
Pfad der fehlerhaften Anwendung: PocketCloudService.exe1
Pfad des fehlerhaften Moduls: PocketCloudService.exe2
Berichtskennung: PocketCloudService.exe3
Vollständiger Name des fehlerhaften Pakets: PocketCloudService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PocketCloudService.exe5

Error: (04/12/2015 00:38:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PocketCloudService.exe, Version: 2.7.18.0, Zeitstempel: 0x52810076
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x2104
Startzeit der fehlerhaften Anwendung: 0xPocketCloudService.exe0
Pfad der fehlerhaften Anwendung: PocketCloudService.exe1
Pfad des fehlerhaften Moduls: PocketCloudService.exe2
Berichtskennung: PocketCloudService.exe3
Vollständiger Name des fehlerhaften Pakets: PocketCloudService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PocketCloudService.exe5

Error: (04/12/2015 00:37:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:36:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PocketCloudService.exe, Version: 2.7.18.0, Zeitstempel: 0x52810076
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x618
Startzeit der fehlerhaften Anwendung: 0xPocketCloudService.exe0
Pfad der fehlerhaften Anwendung: PocketCloudService.exe1
Pfad des fehlerhaften Moduls: PocketCloudService.exe2
Berichtskennung: PocketCloudService.exe3
Vollständiger Name des fehlerhaften Pakets: PocketCloudService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PocketCloudService.exe5

Error: (04/12/2015 00:36:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:36:10 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (04/12/2015 00:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PocketCloudService.exe, Version: 2.7.18.0, Zeitstempel: 0x52810076
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x2314
Startzeit der fehlerhaften Anwendung: 0xPocketCloudService.exe0
Pfad der fehlerhaften Anwendung: PocketCloudService.exe1
Pfad des fehlerhaften Moduls: PocketCloudService.exe2
Berichtskennung: PocketCloudService.exe3
Vollständiger Name des fehlerhaften Pakets: PocketCloudService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PocketCloudService.exe5

Error: (04/12/2015 00:31:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PocketCloudService.exe, Version: 2.7.18.0, Zeitstempel: 0x52810076
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x2340
Startzeit der fehlerhaften Anwendung: 0xPocketCloudService.exe0
Pfad der fehlerhaften Anwendung: PocketCloudService.exe1
Pfad des fehlerhaften Moduls: PocketCloudService.exe2
Berichtskennung: PocketCloudService.exe3
Vollständiger Name des fehlerhaften Pakets: PocketCloudService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PocketCloudService.exe5


System errors:
=============
Error: (04/12/2015 01:54:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Wyse PocketCloud" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/12/2015 00:50:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Wyse PocketCloud" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/12/2015 00:38:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wyse PocketCloud" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (04/12/2015 00:37:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wyse PocketCloud" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (04/12/2015 00:36:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wyse PocketCloud" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (04/12/2015 00:31:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wyse PocketCloud" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (04/12/2015 00:31:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Wyse PocketCloud" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (04/12/2015 00:30:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wyse PocketCloud" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (04/12/2015 00:30:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Wyse PocketCloud" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (04/12/2015 00:30:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Wyse PocketCloud" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/12/2015 00:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PocketCloudService.exe2.7.18.052810076KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c36001d0750cad962339C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exeC:\Windows\system32\KERNELBASE.dllfd25eb6f-e0ff-11e4-82a6-c03fd5accd4b

Error: (04/12/2015 00:38:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PocketCloudService.exe2.7.18.052810076KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c210401d0750c9655d884C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exeC:\Windows\system32\KERNELBASE.dlle47704cb-e0ff-11e4-82a6-c03fd5accd4b

Error: (04/12/2015 00:37:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:36:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PocketCloudService.exe2.7.18.052810076KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c61801d0750c709b2f8dC:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exeC:\Windows\system32\KERNELBASE.dllcbc33830-e0ff-11e4-82a6-c03fd5accd4b

Error: (04/12/2015 00:36:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:36:10 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (04/12/2015 00:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PocketCloudService.exe2.7.18.052810076KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c231401d0750bc351d534C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exeC:\Windows\system32\KERNELBASE.dll10d6c8f0-e0ff-11e4-82a6-c03fd5accd4b

Error: (04/12/2015 00:31:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: PocketCloudService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.WebException
Stapel:
bei System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
bei System.Net.LazyAsyncResult.Complete(IntPtr)
bei System.Net.ContextAwareResult.Complete(IntPtr)
bei System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (04/12/2015 00:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PocketCloudService.exe2.7.18.052810076KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c234001d0750bb082da24C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exeC:\Windows\system32\KERNELBASE.dllfe14ca7d-e0fe-11e4-82a6-c03fd5accd4b


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8144.44 MB
Available physical RAM: 4679.34 MB
Total Pagefile: 10320.44 MB
Available Pagefile: 5661.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:739.58 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:40.51 GB) NTFS
Drive g: (My Book) (Fixed) (Total:3725.99 GB) (Free:3028.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================
Mfg Chris

Geändert von ChrisGi (12.04.2015 um 13:28 Uhr)

Alt 12.04.2015, 13:06   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Ich habe Probleme mit right coupon und anderem! - Standard

Ich habe Probleme mit right coupon und anderem!



hi,

Addition.txt fehlt noch
__________________

__________________

Alt 12.04.2015, 13:11   #3
ChrisGi
 
Ich habe Probleme mit right coupon und anderem! - Standard

Ich habe Probleme mit right coupon und anderem!



oops!
Is ergänzt
__________________

Alt 12.04.2015, 18:44   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Ich habe Probleme mit right coupon und anderem! - Standard

Ich habe Probleme mit right coupon und anderem!



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Ich habe Probleme mit right coupon und anderem!
anderem, askbar, aufsetzen, beheben, blau, browser, browser hijacker, deinstalliere, deinstallieren, doppel, doppelt, etliche, hijacker, hyperlinks, interne, internet, neu, nichts, probleme, programme, verlinkt, vermeide, versuche, versucht, verzweifelt, würde



Ähnliche Themen: Ich habe Probleme mit right coupon und anderem!


  1. Ads By Piggy Coupon entfernen
    Anleitungen, FAQs & Links - 24.10.2015 (2)
  2. Ich habe eien E Mail von einem Online Anwalt erhalten mit Anlage, die ich geöffnet habe. Seit dem Probleme
    Log-Analyse und Auswertung - 10.04.2014 (13)
  3. Habe da einige Probleme.
    Log-Analyse und Auswertung - 23.02.2014 (3)
  4. Explorer und Chrome können sich zeitweise nicht ins www wählen, mit anderem Rechner keine Probleme und auch Internetzugriff vorhanden
    Log-Analyse und Auswertung - 18.10.2013 (1)
  5. habe Probleme mit MonsterMarketplace.com
    Plagegeister aller Art und deren Bekämpfung - 11.10.2013 (9)
  6. Windows Vista diverse Probleme, unter anderem Abstürze und Grafik/Soundprobleme in Spielen
    Log-Analyse und Auswertung - 18.09.2013 (11)
  7. Habe Probleme mit meinem PC
    Log-Analyse und Auswertung - 06.12.2010 (19)
  8. Habe mir einiges eingefangen unter anderem Ravemon.exe
    Log-Analyse und Auswertung - 28.02.2010 (6)
  9. habe ich trojaner probleme?
    Log-Analyse und Auswertung - 22.11.2008 (1)
  10. habe Probleme
    Antiviren-, Firewall- und andere Schutzprogramme - 30.12.2007 (4)
  11. Habe Probleme mit BIOS!!
    Alles rund um Windows - 11.08.2007 (17)
  12. habe probleme mit `TR/SPY.Bzub.B`
    Log-Analyse und Auswertung - 09.08.2007 (1)
  13. Habe PRobleme
    Log-Analyse und Auswertung - 07.09.2006 (5)
  14. Habe Trojaner Probleme
    Log-Analyse und Auswertung - 10.01.2005 (4)
  15. Habe Probleme
    Log-Analyse und Auswertung - 30.11.2004 (35)
  16. ich habe 2 probleme.
    Log-Analyse und Auswertung - 12.11.2004 (9)
  17. Habe Probleme mit IE6
    Plagegeister aller Art und deren Bekämpfung - 18.01.2004 (2)

Zum Thema Ich habe Probleme mit right coupon und anderem! - Hallo, und zwar habe ich wie im Header angegeben, dass ich mit right coupon Probleme habe! Ich hab versucht es unter Programme deinstallieren ging leider nicht! Auch im internet hab - Ich habe Probleme mit right coupon und anderem!...
Archiv
Du betrachtest: Ich habe Probleme mit right coupon und anderem! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.