Ist es das nicht, was ich hier an zweiter Stelle eingefügt habe? Was anderes finde ich bzgl. FRST nicht :-( Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Ellen at 2014-10-21 10:19:59
Running from C:\Users\Ellen\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1929380210.4759644.48.2147344384 - Audible, Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1200}) (Version: 12.18.0.3052 - APN, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
clicup (HKCU\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions)
CyberLink Home Cinema (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink Home Cinema (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.3925 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.2426b - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.4911 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5108.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ICQ 8.2 (build 7121) (HKCU\...\ICQ) (Version: 8.2.7121.0 - ICQ)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.127.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.127.12060 - Sony)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden
Meteoroids (HKLM-x32\...\Meteoroids) (Version: 2.7.22 - Acute Angle Solutions)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
SWR3 RauchFrei Version 1.2 (HKLM-x32\...\SWR3 RauchFrei_is1) (Version: 1.1 - Oliver Reuther und SWR3)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Southstarco) <==== ATTENTION
VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION
Yahoo Community Smartbar (HKLM-x32\...\{6818F6FB-6270-4DE8-9827-40E852111F2A}) (Version: 11.88.66.18547 - Linkury Inc.) <==== ATTENTION
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
01-10-2014 06:36:47 Geplanter Prüfpunkt
10-10-2014 18:27:03 Geplanter Prüfpunkt
18-10-2014 08:34:31 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {021011F1-2483-4B70-8611-E1615FC6FF5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E1A5368-0775-49D3-ACED-EFA070CFF45C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {1EB07FEE-BBD7-46C4-BEBE-82F52AA9352D} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2AAE1266-6FFC-49DE-862F-A7122A87C549} - System32\Tasks\FF Watcher {AFB8A0E7-8234-46A7-8D21-841C4DEE507B} => C:\Program Files\V-bates\PrefHelper.exe [2014-01-08] () <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3119E4BF-9199-4ED9-B995-8D950ADABFDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002Core => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {3242544D-D6B4-4836-A67F-FFCC4A054055} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {33857418-F2D1-4125-B005-AAAF815F831C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {96906686-2960-453B-9B5B-AFC3AFD310BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A433DF5A-44FA-4945-9E47-490055AE2630} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {A8FF2CB3-3A51-414A-BD19-28A496DD462D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-18] (Microsoft Corporation)
Task: {B019D068-B4C4-49F9-900A-3C075056DC0D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {B685771A-4DDA-4FE7-AD1B-62B0D7C45007} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {BB4837AB-F7D1-4098-8CFB-67A2C1192E12} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7BEB86F-10DF-45EC-9201-0100A5D05E6A} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {F83C990D-638E-496C-9FA3-1C2F1E34A15E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {F96A5ACF-DC0A-4795-8686-995BB24277C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002UA => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: C:\WINDOWS\Tasks\FF Watcher {AFB8A0E7-8234-46A7-8D21-841C4DEE507B}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002Core.job => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002UA.job => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
==================== Loaded Modules (whitelisted) =============
2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-08 17:18 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-13 12:18 - 2014-01-08 16:24 - 00209408 _____ () C:\Program Files\V-bates\ExtensionUpdaterService.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-18 19:55 - 2014-10-10 04:03 - 01042760 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-18 19:55 - 2014-10-10 04:03 - 00211272 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-18 19:55 - 2014-10-10 04:04 - 08910664 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-18 19:55 - 2014-10-10 04:03 - 01681224 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ellen\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "simplicheck.lnk"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "iCloudServices"
HKCU\...\StartupApproved\Run: => "ApplePhotoStreams"
HKCU\...\StartupApproved\Run: => "icq"
HKCU\...\StartupApproved\Run: => "Browser Infrastructure Helper"
HKCU\...\StartupApproved\Run: => "Sony PC Companion"
========================= Accounts: ==========================
Administrator (S-1-5-21-1557007503-3543225825-761289695-500 - Administrator - Disabled)
Ellen (S-1-5-21-1557007503-3543225825-761289695-1002 - Administrator - Enabled) => C:\Users\Ellen
Gast (S-1-5-21-1557007503-3543225825-761289695-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15
System errors:
=============
Error: (10/19/2014 08:59:58 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/19/2014 08:59:58 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/14/2014 07:22:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "pwoUrw" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/09/2014 10:53:33 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:33 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:27 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:27 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:21 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:21 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:15 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office Sessions:
=========================
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
Error: (10/20/2014 10:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15
==================== Memory info ===========================
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3542.76 MB
Available physical RAM: 1937.3 MB
Total Pagefile: 4182.76 MB
Available Pagefile: 1984.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:869.46 GB) (Free:823.13 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.97 GB) NTFS
Drive e: (USB DISK) (Removable) (Total:29.46 GB) (Free:19.54 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B719B179)
Partition: GPT Partition Type.
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: FB9237A2)
Partition 1: (Not Active) - (Size=29.5 GB) - (Type=0C)
==================== End Of Log ============================
So, ich hoffe, ich habe das hier nun richtig geändert was noch nicht so richtig war :-)
LG von Ellen
So, ich hoffe, ich habe das hier nun richtig geändert was noch nicht so richtig war :-)
so, jetzt aber Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Ellen at 2014-10-21 22:01:48
Running from C:\Users\Ellen\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1929380210.4759644.48.2147344384 - Audible, Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1200}) (Version: 12.18.0.3052 - APN, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
clicup (HKCU\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions)
CyberLink Home Cinema (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink Home Cinema (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.3925 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.2426b - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.4911 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5108.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ICQ 8.2 (build 7121) (HKCU\...\ICQ) (Version: 8.2.7121.0 - ICQ)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.127.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.127.12060 - Sony)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden
Meteoroids (HKLM-x32\...\Meteoroids) (Version: 2.7.22 - Acute Angle Solutions)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
SWR3 RauchFrei Version 1.2 (HKLM-x32\...\SWR3 RauchFrei_is1) (Version: 1.1 - Oliver Reuther und SWR3)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Southstarco) <==== ATTENTION
VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION
Yahoo Community Smartbar (HKLM-x32\...\{6818F6FB-6270-4DE8-9827-40E852111F2A}) (Version: 11.88.66.18547 - Linkury Inc.) <==== ATTENTION
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1557007503-3543225825-761289695-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ellen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
10-10-2014 18:27:03 Geplanter Prüfpunkt
18-10-2014 08:34:31 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {021011F1-2483-4B70-8611-E1615FC6FF5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E1A5368-0775-49D3-ACED-EFA070CFF45C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {1EB07FEE-BBD7-46C4-BEBE-82F52AA9352D} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2AAE1266-6FFC-49DE-862F-A7122A87C549} - System32\Tasks\FF Watcher {AFB8A0E7-8234-46A7-8D21-841C4DEE507B} => C:\Program Files\V-bates\PrefHelper.exe [2014-01-08] () <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3119E4BF-9199-4ED9-B995-8D950ADABFDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002Core => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {3242544D-D6B4-4836-A67F-FFCC4A054055} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {33857418-F2D1-4125-B005-AAAF815F831C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {96906686-2960-453B-9B5B-AFC3AFD310BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A433DF5A-44FA-4945-9E47-490055AE2630} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {A8FF2CB3-3A51-414A-BD19-28A496DD462D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-18] (Microsoft Corporation)
Task: {B019D068-B4C4-49F9-900A-3C075056DC0D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {B685771A-4DDA-4FE7-AD1B-62B0D7C45007} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {BB4837AB-F7D1-4098-8CFB-67A2C1192E12} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7BEB86F-10DF-45EC-9201-0100A5D05E6A} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {F83C990D-638E-496C-9FA3-1C2F1E34A15E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {F96A5ACF-DC0A-4795-8686-995BB24277C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002UA => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: C:\WINDOWS\Tasks\FF Watcher {AFB8A0E7-8234-46A7-8D21-841C4DEE507B}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002Core.job => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002UA.job => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
==================== Loaded Modules (whitelisted) =============
2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-08 17:18 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-13 12:18 - 2014-01-08 16:24 - 00209408 _____ () C:\Program Files\V-bates\ExtensionUpdaterService.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-18 19:55 - 2014-10-10 04:03 - 01042760 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-18 19:55 - 2014-10-10 04:03 - 00211272 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-18 19:55 - 2014-10-10 04:04 - 08910664 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-18 19:55 - 2014-10-10 04:03 - 01681224 _____ () C:\Users\Ellen\AppData\Local\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ellen\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "simplicheck.lnk"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "iCloudServices"
HKCU\...\StartupApproved\Run: => "ApplePhotoStreams"
HKCU\...\StartupApproved\Run: => "icq"
HKCU\...\StartupApproved\Run: => "Browser Infrastructure Helper"
HKCU\...\StartupApproved\Run: => "Sony PC Companion"
========================= Accounts: ==========================
Administrator (S-1-5-21-1557007503-3543225825-761289695-500 - Administrator - Disabled)
Ellen (S-1-5-21-1557007503-3543225825-761289695-1002 - Administrator - Enabled) => C:\Users\Ellen
Gast (S-1-5-21-1557007503-3543225825-761289695-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1011 auf.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb konnte nicht geschrieben werden. Fehler -1011.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" bei Offset 0 (0x0000000000000000) für 32768 (0x00008000) Bytes zu schreiben, ist nach wuaueng.dll0 Sekunden mit Systemfehler 1453 (0x000005ad): "Nicht genügend Quoten, um den angeforderten Dienst auszuführen. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1011 auf.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb konnte nicht geschrieben werden. Fehler -1011.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" bei Offset 0 (0x0000000000000000) für 32768 (0x00008000) Bytes zu schreiben, ist nach wuaueng.dll0 Sekunden mit Systemfehler 1453 (0x000005ad): "Nicht genügend Quoten, um den angeforderten Dienst auszuführen. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1011 auf.
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb konnte nicht geschrieben werden. Fehler -1011.
Error: (10/21/2014 00:37:25 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" bei Offset 0 (0x0000000000000000) für 32768 (0x00008000) Bytes zu schreiben, ist nach wuaueng.dll0 Sekunden mit Systemfehler 1453 (0x000005ad): "Nicht genügend Quoten, um den angeforderten Dienst auszuführen. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error: (10/21/2014 00:33:22 PM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (1000) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) mit einem Fehler (-1011) beendet.
Interne Zeitsteuerungsabfolge: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.156, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
System errors:
=============
Error: (10/21/2014 00:48:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 21.10.2014 um 12:41:04 unerwartet heruntergefahren.
Error: (10/21/2014 00:27:18 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/21/2014 00:27:18 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/19/2014 08:59:58 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/19/2014 08:59:58 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/14/2014 07:22:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "pwoUrw" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/09/2014 10:53:33 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:33 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:27 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (10/09/2014 10:53:27 PM) (Source: DCOM) (EventID: 10010) (User: RONJA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office Sessions:
=========================
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: -1011
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1011
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb0 (0x0000000000000000)32768 (0x00008000)-1011 (0xfffffc0d)1453 (0x000005ad)Nicht genügend Quoten, um den angeforderten Dienst auszuführen. 0.000
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: -1011
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1011
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb0 (0x0000000000000000)32768 (0x00008000)-1011 (0xfffffc0d)1453 (0x000005ad)Nicht genügend Quoten, um den angeforderten Dienst auszuführen. 0.000
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: -1011
Error: (10/21/2014 00:37:26 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1011
Error: (10/21/2014 00:37:25 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb0 (0x0000000000000000)32768 (0x00008000)-1011 (0xfffffc0d)1453 (0x000005ad)Nicht genügend Quoten, um den angeforderten Dienst auszuführen. 0.000
Error: (10/21/2014 00:33:22 PM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll1000SUS20ClientDataStore: 0-1011[1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.156, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
==================== Memory info ===========================
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 55%
Total physical RAM: 3542.76 MB
Available physical RAM: 1569.74 MB
Total Pagefile: 4182.76 MB
Available Pagefile: 1439.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:869.46 GB) (Free:825.14 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B719B179)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Ellen (administrator) on RONJA on 21-10-2014 22:17:50
Running from C:\Users\Ellen\Desktop
Loaded Profile: Ellen (Available profiles: Ellen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\V-bates\ExtensionUpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\Ellen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SWR3.online) C:\Program Files (x86)\RauchFrei\RauchFrei.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN LLC.) C:\Users\Ellen\AppData\Local\VNT\vntldr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13219984 2012-11-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-08-22] (APN LLC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-09] (APN)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [Google Update] => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-16] (Google Inc.)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [Spotify] => C:\Users\Ellen\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-24] (Spotify Ltd)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [Spotify Web Helper] => C:\Users\Ellen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-24] (Spotify Ltd)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [SWR3RauchFrei] => C:\Program Files (x86)\RauchFrei\RauchFrei.exe [895488 2004-04-07] (SWR3.online)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [icq] => C:\Users\Ellen\AppData\Roaming\ICQM\icq.exe [34947592 2014-08-05] (ICQ)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [Browser Infrastructure Helper] => C:\Users\Ellen\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-10-01] (Smartbar)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [467680 2014-07-30] (Sony)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1557007503-3543225825-761289695-1002\...\MountPoints2: {86fdd0e4-3068-11e4-bf06-d43d7e2f7bbb} - "E:\Startme.exe"
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4LD75omQnsdTQyIVo-9ivcTPRRsHnJwZNuxcaTt6gID3UM4l0CI9OsBxW12i2BZlmsQq0q7JJulUh--v7tqYx35fkDWGqfolSPK1bHmxSHweAzz3F39smKxUbHxuDI3UZ4wAyt63dKyafnw1q86QHZJPkHZaDeRJ1deUx0ywduwpbCx_z5UDWOtdJx_k,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4LD75omQnsdTQyIVo-9ivcTPRRsHnJwZNuxcaTt6gID3UM4l0CI9OsBxW12i2BZlmsQq0q7JJulUh--v7tqYx35fkDWGqfolSPK1bHmxSHweAzz3F39smKxUbHxuDI3UZ4wAyt63dKyafnw1q86QHZJPkHZaDeRJ1deUx0ywduwpbCx_z5UDWOtdJx_k,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4LD75omQnsdTQyIVo-9ivcTPRRsHnJwZNuxcaTt6gID3UM4l0CI9OsBxW12i2BZlmsQq0q7JJulUh--v7tqYx35fkDWGqfolSPK1bHmxSHweAzz3F39smKxUbHxuDI3UZ4wAyt63dKyafnw1q86QHZJPkHZaDeRJ1deUx0ywdvZ-5e4VzgYOoU-qQ7-k,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4LD75omQnsdTQyIVo-9ivcTPRRsHnJwZNuxcaTt6gID3UM4l0CI9OsBxW12i2BZlmsQq0q7JJulUh--v7tqYx35fkDWGqfolSPK1bHmxSHweAzz3F39smKxUbHxuDI3UZ4wAyt63dKyafnw1q86QHZJPkHZaDeRJ1deUx0ywdvZ-5e4VzgYOoU-qQ7-k,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4LD75omQnsdTQyIVo-9ivcTPRRsHnJwZNuxcaTt6gID3UM4l0CI9OsBxW12i2BZlmsQq0q7JJulUh--v7tqYx35fkDWGqfolSPK1bHmxSHweAzz3F39smKxUbHxuDI3UZ4wAyt63dKyafnw1q86QHZJPkHZaDeRJ1deUx0ywduwpbCx_z5UDWOtdJx_k,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4LD75omQnsdTQyIVo-9ivcTPRRsHnJwZNuxcaTt6gID3UM4l0CI9OsBxW12i2BZlmsQq0q7JJulUh--v7tqYx35fkDWGqfolSPK1bHmxSHweAzz3F39smKxUbHxuDI3UZ4wAyt63dKyafnw1q86QHZJPkHZaDeRJ1deUx0ywduwpbCx_z5UDWOtdJx_k,&q={searchTerms}
BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
BHO: V-bates -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} -> C:\Program Files\V-bates\Extension64.dll ()
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
BHO-x32: V-bates -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} -> C:\Program Files\V-bates\Extension32.dll ()
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ellen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2013-12-13]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-09]
CHR Extension: (Avira SafeSearch) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2014-10-09]
CHR Extension: (Google Wallet) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2014-10-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2014-10-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-20] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-01-08] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 22:01 - 2014-10-21 22:02 - 00031428 _____ () C:\Users\Ellen\Desktop\Addition.txt
2014-10-21 22:00 - 2014-10-21 22:00 - 02110976 _____ (Farbar) C:\Users\Ellen\Desktop\FRST64.exe
2014-10-21 19:18 - 2014-10-21 19:18 - 00038829 _____ () C:\Users\Ellen\Downloads\otl-log.zip
2014-10-21 11:59 - 2014-10-21 11:59 - 00001356 _____ () C:\Users\Ellen\Desktop\Ereignisse Avira - Verknüpfung.lnk
2014-10-21 11:41 - 2014-10-21 11:42 - 00000000 ____D () C:\Users\Ellen\Desktop\Quarantäne
2014-10-21 11:40 - 2014-10-03 20:40 - 01392310 _____ () C:\Users\Ellen\Desktop\518e7921.qua
2014-10-21 11:40 - 2014-09-18 16:37 - 01382586 _____ () C:\Users\Ellen\Desktop\519d4d6a.qua
2014-10-21 11:19 - 2014-10-21 11:19 - 00001252 _____ () C:\Users\Ellen\Desktop\FRST - Verknüpfung.lnk
2014-10-21 11:14 - 2014-10-21 11:14 - 00003053 _____ () C:\Users\Ellen\Desktop\Gmer.txt
2014-10-21 10:53 - 2014-10-21 10:53 - 00380416 _____ () C:\Users\Ellen\Downloads\Gmer-19357 (1).exe
2014-10-21 10:52 - 2014-10-21 10:52 - 00380416 _____ () C:\Users\Ellen\Desktop\Gmer-19357.exe
2014-10-21 10:19 - 2014-10-21 22:17 - 00019596 _____ () C:\Users\Ellen\Desktop\FRST.txt
2014-10-21 10:19 - 2014-10-21 10:20 - 00028781 _____ () C:\Users\Ellen\Downloads\Addition.txt
2014-10-21 10:18 - 2014-10-21 22:17 - 00000000 ____D () C:\FRST
2014-10-21 09:43 - 2014-10-21 09:43 - 00000472 _____ () C:\Users\Ellen\Downloads\defogger_disable.log
2014-10-21 09:43 - 2014-10-21 09:43 - 00000000 _____ () C:\Users\Ellen\defogger_reenable
2014-10-21 09:30 - 2014-10-21 09:30 - 00050477 _____ () C:\Users\Ellen\Desktop\Defogger.exe
2014-10-20 11:18 - 2014-10-20 21:19 - 00002314 _____ () C:\WINDOWS\setupact.log
2014-10-20 11:18 - 2014-10-20 11:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-19 08:05 - 2014-10-19 08:05 - 00002744 _____ () C:\WINDOWS\PFRO.log
2014-10-18 09:53 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-18 09:53 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-18 09:53 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-18 09:53 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-18 09:53 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-18 09:53 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-18 09:53 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-18 09:53 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-18 09:53 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-18 09:53 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-18 09:53 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-18 09:53 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-18 09:53 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-18 09:53 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-18 09:53 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-18 09:53 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-18 09:53 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-18 09:52 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-18 09:52 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-18 09:52 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-18 09:52 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-18 09:52 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-18 09:52 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-18 09:52 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-18 09:52 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-18 09:52 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-18 09:52 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-18 09:52 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-18 09:52 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-18 09:52 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-18 09:52 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-18 09:52 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-18 09:52 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-18 09:52 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-18 09:52 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-18 09:52 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-18 09:52 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-18 09:52 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-18 09:52 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-18 09:52 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-18 09:52 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-18 09:52 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-18 09:52 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-18 09:52 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-18 09:52 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-18 09:52 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-18 09:52 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-18 09:52 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-18 09:51 - 2014-10-10 00:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-18 09:51 - 2014-10-09 00:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-18 09:51 - 2014-09-19 03:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-18 09:51 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-18 09:51 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-18 09:51 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-18 09:51 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-18 09:51 - 2014-08-16 06:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-18 09:51 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-18 09:51 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-18 09:51 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-18 09:51 - 2014-08-16 05:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-18 09:51 - 2014-08-16 05:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-18 09:51 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-18 09:51 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-18 09:51 - 2014-08-16 05:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-18 09:51 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-18 09:51 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-18 09:51 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-18 09:51 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-18 09:51 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-18 09:51 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-18 09:51 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-18 09:51 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-18 09:51 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-18 09:51 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-18 09:51 - 2014-08-16 02:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-18 09:51 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-18 09:51 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-18 09:51 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-18 09:51 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-18 09:51 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-18 09:51 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-18 09:51 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-18 09:51 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-18 09:51 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-18 09:51 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-18 09:51 - 2014-08-16 02:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-18 09:51 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-18 09:51 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-18 09:51 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-18 09:51 - 2014-08-01 01:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-18 09:49 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-18 09:49 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-18 09:49 - 2014-08-29 03:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-18 09:49 - 2014-08-29 01:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-18 09:49 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-10 08:46 - 2014-10-10 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-03 20:31 - 2014-10-03 20:31 - 00000000 ____D () C:\ProgramData\Meteoroids
2014-09-25 11:16 - 2014-09-25 11:16 - 00000383 _____ () C:\Users\Ellen\Desktop\Ein ganzes halbes Jahr (Ungekürzt) - Verknüpfung.lnk
2014-09-25 11:16 - 2014-09-25 11:16 - 00000377 _____ () C:\Users\Ellen\Desktop\01 Der Junge der Träume schenkte - Verknüpfung.lnk
2014-09-25 11:16 - 2014-09-25 11:16 - 00000332 _____ () C:\Users\Ellen\Desktop\01 Das weise Herz - Verknüpfung.lnk
2014-09-24 11:33 - 2014-09-24 11:33 - 00001473 _____ () C:\Users\Ellen\Desktop\057 - Verknüpfung.lnk
2014-09-24 11:33 - 2014-09-24 11:33 - 00001473 _____ () C:\Users\Ellen\Desktop\056 - Verknüpfung.lnk
2014-09-24 11:33 - 2014-09-24 11:33 - 00001473 _____ () C:\Users\Ellen\Desktop\055 - Verknüpfung.lnk
2014-09-24 11:32 - 2014-09-24 11:32 - 00001473 _____ () C:\Users\Ellen\Desktop\054 - Verknüpfung.lnk
2014-09-24 11:32 - 2014-09-24 11:32 - 00001451 _____ () C:\Users\Ellen\Downloads\054 - Verknüpfung.lnk
2014-09-23 13:35 - 2014-09-23 13:38 - 70638408 _____ (Apple Inc.) C:\Users\Ellen\Downloads\iCloudSetup.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 22:14 - 2013-08-20 09:25 - 00000000 ____D () C:\Users\Ellen\AppData\Roaming\Skype
2014-10-21 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-21 21:56 - 2014-01-13 12:26 - 00000304 _____ () C:\WINDOWS\Tasks\FF Watcher {AFB8A0E7-8234-46A7-8D21-841C4DEE507B}.job
2014-10-21 21:51 - 2013-08-16 13:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002UA.job
2014-10-21 17:49 - 2013-08-15 22:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1557007503-3543225825-761289695-1002
2014-10-21 17:12 - 2014-05-14 15:19 - 01792476 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-21 16:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-21 16:43 - 2014-04-18 15:03 - 00000000 __RDO () C:\Users\Ellen\OneDrive
2014-10-21 16:43 - 2013-08-16 13:09 - 00002411 _____ () C:\Users\Ellen\Desktop\Google Chrome.lnk
2014-10-21 12:52 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-21 12:52 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-21 12:52 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-21 12:51 - 2013-08-16 13:08 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1557007503-3543225825-761289695-1002Core.job
2014-10-21 12:48 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-21 09:43 - 2013-12-21 18:26 - 00000000 ____D () C:\Users\Ellen
2014-10-21 09:01 - 2013-12-25 20:37 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73FB94E5-29FB-46FE-8CF4-912163DFFFC7}
2014-10-20 12:20 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-19 21:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-19 09:04 - 2014-01-16 18:59 - 00067291 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-10-18 15:01 - 2014-08-14 13:24 - 00000296 _____ () C:\WINDOWS\Tasks\System Speedup_DEFAULT.job
2014-10-18 14:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-18 13:37 - 2014-08-08 11:16 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-18 13:37 - 2013-12-21 19:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-18 13:37 - 2013-12-21 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-18 13:37 - 2013-12-21 11:32 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-18 13:31 - 2013-08-22 16:44 - 00368784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-18 12:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-18 12:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-18 12:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-18 12:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-18 12:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-18 10:41 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-18 10:39 - 2013-08-18 12:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 10:36 - 2013-01-07 19:56 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-18 10:35 - 2014-07-09 07:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-14 07:22 - 2014-08-14 13:23 - 00000000 ____D () C:\ProgramData\WSiUTsFebDy
2014-10-11 19:41 - 2013-08-16 20:27 - 00000000 ____D () C:\Users\Ellen\AppData\Roaming\Spotify
2014-10-11 19:36 - 2013-08-16 20:29 - 00000000 ____D () C:\Users\Ellen\AppData\Local\Spotify
2014-10-11 15:23 - 2013-12-21 11:34 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-10-09 14:19 - 2013-12-21 11:32 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-09 14:19 - 2013-12-21 11:32 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-09 14:19 - 2013-12-21 11:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-02 13:59 - 2014-08-14 13:33 - 00000000 ____D () C:\Users\Ellen\AppData\Local\Smartbar
2014-10-01 13:24 - 2014-08-14 13:24 - 00000304 _____ () C:\WINDOWS\Tasks\System Speedup_UPDATES.job
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 11:40 - 2013-12-22 16:15 - 00000000 ____D () C:\Users\Ellen\AppData\Local\Audible
2014-09-23 14:30 - 2013-08-16 19:25 - 00000000 ____D () C:\Users\Ellen\AppData\Roaming\Apple Computer
2014-09-23 14:24 - 2013-08-16 19:25 - 00000000 ____D () C:\Users\Ellen\AppData\Local\Apple Computer
2014-09-23 13:40 - 2013-08-16 19:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
Some content of TEMP:
====================
C:\Users\Ellen\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-21 12:59
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- --- |
So funktioniert es:
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
dann auf 
und dann auf 
. 
