seb-soft | 05.04.2015 12:26 | First of all, happy Easter to everyone.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by seb (administrator) on SEB-PC on 05-04-2015 13:15:45
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Cerious Software, Inc.) C:\Program Files (x86)\ThumbsPlus 7x deutsch\Thumbs.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\f0691044-5155-4c8a-a881-249948816748.exe [183232 2015-03-27] (AVAST Software)
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-09] (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5 [2015-04-02]
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR Profile: C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Drive) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15]
CHR Extension: (YouTube) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-15]
CHR Extension: (Google Search) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-15]
CHR Extension: (Gmail) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-15]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S3 cpuz130; No ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S4 NVHDA; No ImagePath
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [149128 2011-05-23] (TeVii Technology Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-16] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-05 13:15 - 2015-04-05 13:15 - 00000000 ____D () C:\FRST
2015-04-05 12:29 - 2015-04-05 12:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 22:40 - 2015-04-03 22:40 - 00003034 _____ () C:\Windows\System32\Tasks\Hessen_Dingsda_ab_2015_04_06_1032
2015-04-03 22:40 - 2015-04-03 22:40 - 00003034 _____ () C:\Windows\System32\Tasks\Hessen_Dingsda_ab_2015_04_06
2015-04-03 22:40 - 2015-04-03 22:40 - 00002888 _____ () C:\Windows\System32\Tasks\Hessen_Dingsda_ab_2015_04_06_PreStarter
2015-04-03 22:40 - 2015-04-03 22:40 - 00002888 _____ () C:\Windows\System32\Tasks\Hessen_Dingsda_ab_2015_04_06_1032_PreStarter
2015-04-03 22:40 - 2015-04-03 22:40 - 00000502 _____ () C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06_1032.job
2015-04-03 22:40 - 2015-04-03 22:40 - 00000502 _____ () C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06.job
2015-04-03 22:40 - 2015-04-03 22:40 - 00000356 _____ () C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06_PreStarter.job
2015-04-03 22:40 - 2015-04-03 22:40 - 00000356 _____ () C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06_1032_PreStarter.job
2015-04-02 15:54 - 2015-03-27 02:10 - 00192984 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-03-29 17:15 - 2015-03-29 17:15 - 00003044 _____ () C:\Windows\System32\Tasks\Tatort_Matterhorn_ab_2015_04_06
2015-03-29 17:15 - 2015-03-29 17:15 - 00002898 _____ () C:\Windows\System32\Tasks\Tatort_Matterhorn_ab_2015_04_06_PreStarter
2015-03-29 17:15 - 2015-03-29 17:15 - 00000512 _____ () C:\Windows\Tasks\Tatort_Matterhorn_ab_2015_04_06.job
2015-03-29 17:15 - 2015-03-29 17:15 - 00000366 _____ () C:\Windows\Tasks\Tatort_Matterhorn_ab_2015_04_06_PreStarter.job
2015-03-29 17:01 - 2015-03-29 17:01 - 00003044 _____ () C:\Windows\System32\Tasks\Spiel_mit_der_Angst_ab_2015_04_26
2015-03-29 17:01 - 2015-03-29 17:01 - 00002900 _____ () C:\Windows\System32\Tasks\Spiel_mit_der_Angst_ab_2015_04_26_PreStarter
2015-03-29 17:01 - 2015-03-29 17:01 - 00000512 _____ () C:\Windows\Tasks\Spiel_mit_der_Angst_ab_2015_04_26.job
2015-03-29 17:01 - 2015-03-29 17:01 - 00000368 _____ () C:\Windows\Tasks\Spiel_mit_der_Angst_ab_2015_04_26_PreStarter.job
2015-03-29 16:57 - 2015-03-29 16:57 - 00003046 _____ () C:\Windows\System32\Tasks\Mitternachtsspitzen_ab_2015_04_25
2015-03-29 16:57 - 2015-03-29 16:57 - 00002900 _____ () C:\Windows\System32\Tasks\Mitternachtsspitzen_ab_2015_04_25_PreStarter
2015-03-29 16:57 - 2015-03-29 16:57 - 00000514 _____ () C:\Windows\Tasks\Mitternachtsspitzen_ab_2015_04_25.job
2015-03-29 16:57 - 2015-03-29 16:57 - 00000368 _____ () C:\Windows\Tasks\Mitternachtsspitzen_ab_2015_04_25_PreStarter.job
2015-03-29 16:55 - 2015-03-30 13:10 - 00000526 _____ () C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30.job
2015-03-29 16:55 - 2015-03-30 12:08 - 00000380 _____ () C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30_PreStarter.job
2015-03-29 16:55 - 2015-03-29 16:55 - 00003390 _____ () C:\Windows\System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30
2015-03-29 16:55 - 2015-03-29 16:55 - 00003244 _____ () C:\Windows\System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30_PreStarter
2015-03-21 20:51 - 2015-03-26 22:52 - 00000504 _____ () C:\Windows\Tasks\Ginger_Rosa_ab_2015_04_15.job
2015-03-21 20:51 - 2015-03-26 22:52 - 00000358 _____ () C:\Windows\Tasks\Ginger_Rosa_ab_2015_04_15_PreStarter.job
2015-03-21 20:51 - 2015-03-21 20:51 - 00003036 _____ () C:\Windows\System32\Tasks\Ginger_Rosa_ab_2015_04_15
2015-03-21 20:51 - 2015-03-21 20:51 - 00002890 _____ () C:\Windows\System32\Tasks\Ginger_Rosa_ab_2015_04_15_PreStarter
2015-03-21 20:49 - 2015-03-26 22:52 - 00000628 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_10.job
2015-03-21 20:49 - 2015-03-26 22:52 - 00000582 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_09.job
2015-03-21 20:49 - 2015-03-26 22:52 - 00000482 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_10_PreStarter.job
2015-03-21 20:49 - 2015-03-26 22:52 - 00000436 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_09_PreStarter.job
2015-03-21 20:49 - 2015-03-21 20:49 - 00003160 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_10
2015-03-21 20:49 - 2015-03-21 20:49 - 00003114 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_09
2015-03-21 20:49 - 2015-03-21 20:49 - 00003014 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_10_PreStarter
2015-03-21 20:49 - 2015-03-21 20:49 - 00002968 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_09_PreStarter
2015-03-21 20:48 - 2015-03-26 22:52 - 00000612 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_08.job
2015-03-21 20:48 - 2015-03-26 22:52 - 00000604 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_07.job
2015-03-21 20:48 - 2015-03-26 22:52 - 00000466 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_08_PreStarter.job
2015-03-21 20:48 - 2015-03-26 22:52 - 00000458 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_07_PreStarter.job
2015-03-21 20:48 - 2015-03-21 20:48 - 00003144 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_08
2015-03-21 20:48 - 2015-03-21 20:48 - 00003136 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_07
2015-03-21 20:48 - 2015-03-21 20:48 - 00002998 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_08_PreStarter
2015-03-21 20:48 - 2015-03-21 20:48 - 00002990 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_07_PreStarter
2015-03-21 20:40 - 2015-04-04 18:55 - 00000706 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_22.job
2015-03-21 20:40 - 2015-04-04 17:58 - 00000560 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_22_PreStarter.job
2015-03-21 20:40 - 2015-03-21 20:40 - 00003850 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_03_22
2015-03-21 20:40 - 2015-03-21 20:40 - 00003704 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_03_22_PreStarter
2015-03-21 16:11 - 2015-03-21 16:11 - 433046050 _____ () C:\Windows\MEMORY.DMP
2015-03-21 16:11 - 2015-03-21 16:11 - 00274848 _____ () C:\Windows\Minidump\032115-37596-01.dmp
2015-03-15 01:23 - 2015-03-20 18:31 - 00000528 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05.job
2015-03-15 01:23 - 2015-03-20 18:31 - 00000382 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05_PreStarter.job
2015-03-15 01:23 - 2015-03-15 01:23 - 00003060 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05
2015-03-15 01:23 - 2015-03-15 01:23 - 00002914 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05_PreStarter
2015-03-15 01:22 - 2015-03-20 18:31 - 00000526 _____ () C:\Windows\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10.job
2015-03-15 01:22 - 2015-03-20 18:31 - 00000380 _____ () C:\Windows\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10_PreStarter.job
2015-03-15 01:22 - 2015-03-15 01:22 - 00003058 _____ () C:\Windows\System32\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10
2015-03-15 01:22 - 2015-03-15 01:22 - 00002912 _____ () C:\Windows\System32\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10_PreStarter
2015-03-14 20:19 - 2015-03-14 20:19 - 00001054 _____ () C:\Users\seb\Desktop\Biene Maja.doc - Verknüpfung.lnk
2015-03-14 20:17 - 2015-03-20 18:31 - 00000586 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_06.job
2015-03-14 20:17 - 2015-03-20 18:31 - 00000442 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_06_PreStarter.job
2015-03-14 20:17 - 2015-03-14 20:17 - 00003118 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_06
2015-03-14 20:17 - 2015-03-14 20:17 - 00002974 _____ () C:\Windows\System32\Tasks\Die_Biene_Maja_ab_2015_04_06_PreStarter
2015-03-14 16:52 - 2015-03-14 16:52 - 00000000 ____D () C:\Users\seb\AppData\Local\Apple Computer
2015-03-14 16:43 - 2015-03-14 16:43 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-14 16:43 - 2015-03-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-14 16:42 - 2015-03-14 16:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-14 16:42 - 2015-03-14 16:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-12 15:03 - 2015-03-12 15:03 - 00000000 ____D () C:\Users\seb\Documents\FormatFactory
2015-03-12 14:52 - 2015-03-12 14:52 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-03-12 14:52 - 2015-03-12 14:52 - 00000000 ____D () C:\ProgramData\Baidu
2015-03-12 14:50 - 2015-03-12 14:50 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2015-03-12 02:49 - 2015-03-12 02:49 - 00000000 __SHD () C:\found.000
2015-03-12 02:06 - 2015-03-12 02:06 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Apple Computer
2015-03-12 01:55 - 2015-03-12 01:55 - 00000000 ____D () C:\Users\seb\AppData\Local\Apple
2015-03-12 01:55 - 2015-03-12 01:55 - 00000000 ____D () C:\ProgramData\Apple
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-05 13:15 - 2013-12-27 10:21 - 00000000 ____D () C:\Unzipped
2015-04-05 13:10 - 2013-01-24 00:31 - 00000000 ____D () C:\Users\seb\AppData\Roaming\vlc
2015-04-05 13:03 - 2013-01-05 17:22 - 00697072 _____ () C:\Windows\system32\perfh007.dat
2015-04-05 13:03 - 2013-01-05 17:22 - 00149040 _____ () C:\Windows\system32\perfc007.dat
2015-04-05 13:03 - 2009-07-14 07:13 - 01619880 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 12:51 - 2014-06-28 07:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 12:42 - 2015-02-27 14:37 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-05 12:30 - 2013-01-05 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 12:29 - 2015-02-02 00:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 12:28 - 2014-12-18 14:57 - 00000257 _____ () C:\Users\seb\Desktop\Photo.URL
2015-04-05 11:38 - 2013-01-05 16:14 - 02001895 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 07:15 - 2015-02-25 00:54 - 00000572 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_01.job
2015-04-05 07:15 - 2013-03-09 10:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinTVCap_GUI
2015-04-05 06:29 - 2015-02-25 00:54 - 00000428 _____ () C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_01_PreStarter.job
2015-04-04 18:00 - 2015-02-18 18:15 - 00000464 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2015-04-04 13:42 - 2015-02-27 14:37 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 11:30 - 2015-02-25 00:41 - 00000552 _____ () C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_02_28.job
2015-04-04 10:30 - 2015-02-25 00:41 - 00000406 _____ () C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_02_28_PreStarter.job
2015-04-03 16:22 - 2013-01-06 23:14 - 00000000 ____D () C:\Program Files (x86)\ThumbsPlus 7x deutsch
2015-04-03 11:01 - 2013-02-12 15:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-02 23:20 - 2014-12-09 11:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DMCache
2015-04-02 23:20 - 2014-12-09 11:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-04-02 23:18 - 2014-12-09 11:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\IDM
2015-04-01 22:25 - 2015-02-04 22:37 - 00000600 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11.job
2015-04-01 19:58 - 2015-02-04 22:37 - 00000454 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
2015-03-31 18:33 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-31 18:33 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-31 10:44 - 2015-02-18 18:15 - 00000438 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-03-28 16:04 - 2013-01-11 16:21 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-03-28 13:48 - 2013-02-12 15:27 - 00000000 ____D () C:\Users\seb\AppData\Roaming\dvdcss
2015-03-27 19:27 - 2013-01-11 16:26 - 00000000 ____D () C:\Users\seb\AppData\Local\Pinnacle
2015-03-26 23:11 - 2015-02-18 18:15 - 00000490 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-26 23:10 - 2015-02-06 15:15 - 00002133 _____ () C:\Windows\setupact.log
2015-03-26 23:10 - 2013-06-18 10:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-26 23:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 22:51 - 2013-01-05 18:57 - 00797310 _____ () C:\Windows\PFRO.log
2015-03-26 22:50 - 2013-04-26 13:38 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TrueCrypt
2015-03-24 13:49 - 2013-01-11 16:59 - 00052736 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-21 19:30 - 2013-01-06 17:37 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TV-Browser
2015-03-21 16:11 - 2013-01-23 01:15 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 16:24 - 2013-06-07 11:59 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinFF
2015-03-12 14:35 - 2015-01-28 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-03-12 14:35 - 2015-01-28 14:50 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-03-12 14:35 - 2013-09-27 10:18 - 00000000 ____D () C:\ProgramData\Freemake
2015-03-12 01:56 - 2015-02-15 13:30 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinPatrol
2015-03-09 21:25 - 2013-06-13 07:41 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-03-09 21:25 - 2013-06-07 12:10 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-03-08 12:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
==================== Files in the root of some directories =======
2013-06-08 07:10 - 2014-12-16 20:25 - 0000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2013-11-16 09:03 - 2013-11-16 09:04 - 50063360 _____ () C:\Program Files (x86)\GUT3F71.tmp
2013-01-11 16:59 - 2015-03-24 13:49 - 0052736 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 11:31 - 2013-12-25 23:42 - 0007605 _____ () C:\Users\seb\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\seb\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\seb\AppData\Local\Temp\ochelper.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 12:16
==================== End Of Log ============================
And the rest.
Have a nice day. Regards
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by seb at 2015-04-05 13:16:50
Running from C:\Unzipped
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2.1.0 (HKLM-x32\...\{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1) (Version: 2.1.0 - Christian Koban)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Audials (HKLM-x32\...\{7FAA26D8-3727-41CD-A9DE-9480E4EA9130}) (Version: 8.0.55300.0 - RapidSolution Software AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version: - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
DivX Codec 3.1alpha release (HKLM-x32\...\DIVXCodec) (Version: - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
Exifer (HKLM-x32\...\Exifer_is1) (Version: - Friedemann Schmidt)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version: - )
Free Driver Scout (HKLM-x32\...\{50a7e828-15d3-40e6-a37d-22d5c5357878}) (Version: 1.0.0.0 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.0 - Covus Freemium) Hidden
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.)
Free Video Editor version 1.4.11.219 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.11.219 - DVDVideoSoft Ltd.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
InstallShield für Microsoft Visual C++ 6 (HKLM-x32\...\InstallShield für Microsoft Visual C++ 6) (Version: - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Professional Edition (Deutsch) (HKLM-x32\...\Visual Studio 6.0 Professional Edition (deu)) (Version: - )
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version: - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.53 (HKLM-x32\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MSDN Library - Visual Studio 6.0a (Deutsch) (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0a (deu)) (Version: - )
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate*DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8330 - Seagate)
ShrinkTo5Basic (HKLM-x32\...\ShrinkTo5Basic) (Version: - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
ThumbsPlus 7x (deutsch) (HKLM-x32\...\ThumbsPlus7x) (Version: - Atlantic Software Exchange, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.0.95-Beta (HKLM-x32\...\tvbrowser) (Version: 3.4.0.95-Beta - TV-Browser Team)
VBEx32 2.1.01 (HKLM-x32\...\VBEx32_is1) (Version: - vb@rchiv- Das große Visual Basic Archiv)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Xilisoft Download YouTube Video (HKLM-x32\...\Xilisoft Download YouTube Video) (Version: 5.6.1.20140425 - Xilisoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15A-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)
CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15B-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)
==================== Restore Points =========================
22-03-2015 19:08:44 Scheduled Checkpoint
24-03-2015 12:13:11 Removed Apple Software Update
24-03-2015 12:14:43 Revo Uninstaller's restore point - Apple Application Support
02-04-2015 01:53:49 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-02-11 20:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {023219F5-3A5C-4B45-AAF0-D5EF9470856D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {02573FEF-8494-46AF-AEE6-9E4640FF0E64} - System32\Tasks\Hessen_Dingsda_ab_2015_04_06 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {03845044-F3F2-49F0-ADB2-51FED48791ED} - System32\Tasks\Die_Biene_Maja_ab_2015_04_06 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {040C3AEB-758C-4A75-949B-141C4967AF90} - System32\Tasks\Die_Biene_Maja_ab_2015_04_08_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {057421E0-A1D0-412B-A9FD-D66419ADA411} - System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_02_28_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {0806E896-D721-4B7B-A331-C7CB287FF4D1} - System32\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {0A24B285-3613-4B61-AE37-20D8162B9B51} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {10DBE4E1-1886-42A0-B7E2-58DCD0229B81} - System32\Tasks\Tatort_Matterhorn_ab_2015_04_06_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {1660F2BB-E740-44E5-9EF4-0D59CA15A67C} - System32\Tasks\Atlantis_ab_2015_02_11 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {188A93A4-5297-4F75-A7C9-1EC94118BB75} - System32\Tasks\Tatort_Matterhorn_ab_2015_04_06 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {19C1243F-BA5C-474F-B72F-0DBE6C21F4E4} - System32\Tasks\Mitternachtsspitzen_ab_2015_04_25 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {1B436BF4-305A-4878-9324-F082369176D2} - System32\Tasks\{2EDA19E1-EDAD-4650-84E0-3651A132AC5A} => pcalua.exe -a D:\PinnacleOriginal\HollywoodFX\InstallHFZ.exe -d D:\PinnacleOriginal\HollywoodFX
Task: {2485E0EA-EDFB-4000-ABCF-CA863E9075B1} - System32\Tasks\Die_Biene_Maja_ab_2015_04_06_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {273F3E38-D813-48BD-9EAF-5D152CB78B8F} - System32\Tasks\Die_Biene_Maja_ab_2015_04_09_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {2F2AF128-54C0-4693-AEE9-6CA0A4496C1C} - System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000 => Firefox.exe
Task: {32247E12-E338-4CAB-A8FF-9689298C5E90} - System32\Tasks\Die_Biene_Maja_ab_2015_04_10_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {40AD11AC-46E4-4BDC-B234-1DFCC7AC7688} - System32\Tasks\Hessen_Dingsda_ab_2015_04_06_1032_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {464C9C21-05A0-44E0-BDEB-0C5CD32394D5} - System32\Tasks\{E71FA50C-2A66-4E55-9475-1C1125FB8954} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\GUninstaller.exe" -c -uprtc -key "claro"
Task: {54802746-DB94-406D-AC07-62E18F27CDF5} - System32\Tasks\Atlantis_ab_2015_02_11_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {594DDFFB-52DE-47F4-B1BE-B00C08704AED} - System32\Tasks\Die_Biene_Maja_ab_2015_03_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {5B7F407A-E382-413B-8F03-BD8C88C50564} - System32\Tasks\Hessen_Dingsda_ab_2015_04_06_1032 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {5D02FB00-2D6F-420C-A495-82189A0F39CB} - System32\Tasks\Spiel_mit_der_Angst_ab_2015_04_26_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {637A60BF-FF83-461B-98F5-5DA1622CF56E} - System32\Tasks\Ginger_Rosa_ab_2015_04_15_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {711AA0E2-C4C8-4354-A5FF-267CE869EB19} - System32\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {848810E3-F22E-4685-9444-5D578DD83485} - System32\Tasks\{204CB24E-4252-482E-93D2-30A0450F2046} => pcalua.exe -a "C:\Program Files (x86)\Moyea\FLV Downloader\install_flash_player_active_x.exe" -d "C:\Program Files (x86)\Moyea\FLV Downloader"
Task: {866E4DF8-2847-4D05-ACD3-C0872C1FB0E8} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {86AF534D-AA51-4DA2-8016-A0BF16A5FE5C} - System32\Tasks\Die_Biene_Maja_ab_2015_04_08 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {8CEB0E00-F5A8-49CA-B535-B4B0FEF50D73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {92035D14-A876-47F5-87AD-193AFD3B97C1} - System32\Tasks\Die_Biene_Maja_ab_2015_03_01_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {993D594B-A5D1-4499-945B-C8BA8A0F8D7B} - System32\Tasks\{44CADEB5-0CE4-4EB2-857B-47A0392A788C} => H:\Neu-Install-7\WinTVCAPGUI\WinTVCap_GUI_3.6.3.exe [2013-01-06] ()
Task: {9BBAF748-44ED-48FB-81B4-234934D1C7FC} - System32\Tasks\Spiel_mit_der_Angst_ab_2015_04_26 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {A0182966-A5E4-4641-9B06-1EBB03F32238} - System32\Tasks\{F5BA5D89-AFF8-405D-B9AD-6E9D0B0D0129} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download New\FreeYTVDownloader.exe
Task: {A0B091DF-18E1-46D0-BD1A-B0D7FB9B5001} - System32\Tasks\Die_Biene_Maja_ab_2015_03_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {AD222EA9-87F5-48A8-A877-FB8CB4465381} - System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B} => pcalua.exe -a C:\Users\seb\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=mp3
Task: {B06D73FE-3899-4FD3-B7A7-E60188D32646} - System32\Tasks\Die_Biene_Maja_ab_2015_04_07 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {B13F3A2D-4857-458D-A6AC-58EA5B50D680} - System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_02_28 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {B4995C9D-C574-45C5-8614-C2790F6F94D6} - System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {C6092945-FF54-48EC-9BE3-57CCA6E46232} - System32\Tasks\Hessen_Dingsda_ab_2015_04_06_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {C84525DE-9FC6-481A-92B4-48FA6EE5C716} - System32\Tasks\Die_Biene_Maja_ab_2015_04_09 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {C980ACEB-02E1-4A27-9BBE-CFEE59DC6BD7} - System32\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {CB021FED-CA7E-4BC4-85CB-527C5D551928} - System32\Tasks\Die_Biene_Maja_ab_2015_04_10 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {CC75A05C-540D-42FF-9A2B-7567B6891841} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {D0490138-A3D0-402C-89D9-C78164420752} - System32\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {D38347D2-E6E7-4C5D-8D89-D397C5417291} - System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {D40F0396-9F08-4539-A1EE-C65D30AAD0A8} - System32\Tasks\{454066F8-297E-452E-A014-89F2FB2F0114} => pcalua.exe -a H:\Neu-Install-7\TV-Browser\WinTVCap_GUI_3.6.3.exe -d H:\Neu-Install-7\TV-Browser
Task: {E18F7A48-C74D-41D2-91E5-40A92E688D8F} - System32\Tasks\Ginger_Rosa_ab_2015_04_15 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {E9179D40-E888-4233-AD5F-EB17A9904CFA} - System32\Tasks\Die_Biene_Maja_ab_2015_03_01 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {EE2D0B6B-CF41-4AEB-A83B-DF8AF6E017EC} - System32\Tasks\Die_Biene_Maja_ab_2015_04_07_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {F2EF8949-93A8-4BB2-867D-1998C110DAA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {F3CD5E50-3F49-4F6E-983A-618BB8C88DFF} - System32\Tasks\Mitternachtsspitzen_ab_2015_04_25_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {F6D6D01A-CA6D-40DA-B862-C5ACEF85982E} - System32\Tasks\{A7105E6B-946B-493F-9209-4BAEA01ED4E3} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {FEE90840-1E00-447B-8AB5-A187A47BFBA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe«-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeb-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_01.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_01_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeU-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeà-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_03_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe—-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_06.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe¤-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_06_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe\-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_07.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe*-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_07_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exed-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_08.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe±-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_08_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeh-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_09.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe¢-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_09_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeY-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_10.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe¹-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Biene_Maja_ab_2015_04_10_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exep-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_02_28.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe“-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_02_28_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeJ-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe†-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_03_30_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe=-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe†-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Die_Tuer_der_Versuchung_ab_2015_04_10_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe=-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe‡-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Ein_Herz_und_eine_Seele_ab_2015_04_05_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe>-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Ginger_Rosa_ab_2015_04_15.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe{-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Ginger_Rosa_ab_2015_04_15_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe2-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exez-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06_1032.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exez-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06_1032_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe1-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Hessen_Dingsda_ab_2015_04_06_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe1-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Mitternachtsspitzen_ab_2015_04_25.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe€-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Mitternachtsspitzen_ab_2015_04_25_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe7-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Spiel_mit_der_Angst_ab_2015_04_26.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Spiel_mit_der_Angst_ab_2015_04_26_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe7-jar C:\ReDeMPG_Prestarter.jar
Task: C:\Windows\Tasks\Tatort_Matterhorn_ab_2015_04_06.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe-jar C:\ReDeMPG_Starter.jar
Task: C:\Windows\Tasks\Tatort_Matterhorn_ab_2015_04_06_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe6-jar C:\ReDeMPG_Prestarter.jar
==================== Loaded Modules (whitelisted) ==============
2013-06-18 10:04 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-05 16:19 - 2010-12-17 14:25 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-01-05 16:19 - 2010-12-17 14:25 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-01-05 16:19 - 2010-12-17 14:25 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-01-05 16:19 - 2010-12-17 14:25 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2012-11-16 15:09 - 2012-11-16 15:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-02 22:50 - 2015-04-02 22:50 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040202\algo.dll
2015-04-05 11:24 - 2015-04-05 11:24 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040500\algo.dll
2009-11-10 18:39 - 2009-11-10 18:39 - 01332576 _____ () C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
2015-03-13 19:10 - 2015-03-13 19:10 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-25 17:43 - 2014-09-25 17:43 - 00043920 _____ () C:\Program Files (x86)\TV-Browser\jRegistryKey.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Exetender_148 => "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: FreeYTVDownloader => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
MSCONFIG\startupreg: TeViiRC => C:\Windows\TeViiRC.exe
==================== Accounts: =============================
Administrator (S-1-5-21-3122927800-2970940714-3403948491-500 - Administrator - Disabled)
Guest (S-1-5-21-3122927800-2970940714-3403948491-501 - Limited - Disabled)
seb (S-1-5-21-3122927800-2970940714-3403948491-1000 - Administrator - Enabled) => C:\Users\seb
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/05/2015 00:30:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 36.0.4.5557 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d34
Startzeit: 01d06ae596a021cf
Endzeit: 472
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: c066f97f-db7e-11e4-9194-c860006d115b
Error: (04/04/2015 03:43:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1a50
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3
Error: (04/03/2015 05:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012a06b
ID des fehlerhaften Prozesses: 0x183c
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3
Error: (03/30/2015 03:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Future Pinball.exe, Version 1.9.2008.1225 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16ac
Startzeit: 01d06af11bec2b52
Endzeit: 145
Anwendungspfad: C:\Games\Future Pinball\Future Pinball.exe
Berichts-ID: 72fc53c3-d6e4-11e4-9194-c860006d115b
Error: (03/30/2015 00:39:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1030
Startzeit: 01d0695e5e3462ca
Endzeit: 23400
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 629778ac-d664-11e4-9194-c860006d115b
Error: (03/30/2015 00:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.4.5557, Zeitstempel: 0x550d0883
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.4.5557, Zeitstempel: 0x550cfa82
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x460
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/28/2015 03:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0xa88
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (03/26/2015 10:43:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Studio.exe, Version 15.0.0.7593 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2f8
Startzeit: 01d0663d74491382
Endzeit: 129
Anwendungspfad: C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
Berichts-ID: af1f3a08-d3f8-11e4-82d3-c860006d115b
Error: (03/25/2015 00:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0xf4c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (03/24/2015 04:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x16dc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
System errors:
=============
Error: (04/02/2015 03:27:47 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "Q:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (04/01/2015 00:21:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (03/30/2015 10:27:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (03/30/2015 02:32:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (03/28/2015 09:38:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (03/27/2015 08:35:43 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "Q:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (03/26/2015 11:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (03/26/2015 11:10:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (03/26/2015 10:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (03/26/2015 10:52:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
Error: (04/05/2015 00:30:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.4.5557d3401d06ae596a021cf472C:\Program Files (x86)\Mozilla Firefox\firefox.exec066f97f-db7e-11e4-9194-c860006d115b
Error: (04/04/2015 03:43:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3unknown0.0.0.000000000c0000005000000001a5001d06edd022daee5C:\Games\Future Pinball\Future Pinball.exeunknown8415de83-dad0-11e4-9194-c860006d115b
Error: (04/03/2015 05:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050012a06b183c01d06e20dc92cfe4C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe421d3aed-da14-11e4-9194-c860006d115b
Error: (03/30/2015 03:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Future Pinball.exe1.9.2008.122516ac01d06af11bec2b52145C:\Games\Future Pinball\Future Pinball.exe72fc53c3-d6e4-11e4-9194-c860006d115b
Error: (03/30/2015 00:39:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567103001d0695e5e3462ca23400C:\Windows\Explorer.EXE629778ac-d664-11e4-9194-c860006d115b
Error: (03/30/2015 00:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e0246001d069fe146ce467C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf91f83f2-d663-11e4-9194-c860006d115b
Error: (03/28/2015 03:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000000000000a8801d068095a10cb4fC:\Windows\Explorer.EXEunknown95bde176-d551-11e4-9194-c860006d115b
Error: (03/26/2015 10:43:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Studio.exe15.0.0.75932f801d0663d74491382129C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exeaf1f3a08-d3f8-11e4-82d3-c860006d115b
Error: (03/25/2015 00:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000000000000f4c01d0663cba13b975C:\Windows\Explorer.EXEunknowna6bbc71c-d2db-11e4-82d3-c860006d115b
Error: (03/24/2015 04:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000000000016dc01d0663c97ce3c71C:\Windows\Explorer.EXEunknownefba00c9-d22f-11e4-82d3-c860006d115b
CodeIntegrity Errors:
===================================
Date: 2015-02-11 19:17:13.202
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-02-11 19:17:13.077
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-10 16:11:25.067
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-10 16:11:25.004
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 4095.05 MB
Available physical RAM: 2439.55 MB
Total Pagefile: 16377.23 MB
Available Pagefile: 13879.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:234.45 GB) (Free:77.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Daten) (Fixed) (Total:97.65 GB) (Free:91.15 GB) NTFS
Drive f: (DRIVE_F) (Fixed) (Total:833.85 GB) (Free:142.1 GB) NTFS
Drive h: (C_Boot_Daten_1) (Fixed) (Total:718.47 GB) (Free:449.43 GB) NTFS
Drive i: (C_Boot_Daten_3) (Fixed) (Total:244.14 GB) (Free:198.05 GB) NTFS
Drive j: (C_Boot_Daten_2) (Fixed) (Total:200.2 GB) (Free:172 GB) NTFS
Drive k: (Elements) (Fixed) (Total:1862.98 GB) (Free:553.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5F0FC9BA)
Partition 1: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=234.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=718.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B2025BBE)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 3497912C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================