HtHNightwolf | 30.04.2015 15:04 | Na, dann wollen wir mal hoffen:FRST Additions Logfile:
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by **** **** at 2015-04-30 15:59:45
Running from C:\Users\**** ****\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2590940804-3939260128-1084211970-500 - Administrator - Disabled)
Gast (S-1-5-21-2590940804-3939260128-1084211970-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2590940804-3939260128-1084211970-1004 - Limited - Enabled)
**** **** (S-1-5-21-2590940804-3939260128-1084211970-1005 - Administrator - Enabled) => C:\Users\**** ****
serviceuser (S-1-5-21-2590940804-3939260128-1084211970-1002 - Administrator - Enabled) => C:\Users\serviceuser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1924 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.2006 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4330 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG)
Google Chrome (HKLM-x32\...\{93AC3E1B-6EB7-3F2E-A187-CE742EF09CCD}) (Version: 66.65.49242 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{29989969-FED8-4EFB-8FB2-39429D37E471}) (Version: 5.1.5.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{FCD58C04-324A-40D1-BA9E-1A754DF1736D}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{50F16F43-54B8-43DB-B96F-255546DFB990}) (Version: 1.0.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1106.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{B50981AD-95E8-4E4D-912A-7C4B738387CA}) (Version: 3.4.6.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{D1E7D876-6B86-4B35-A93D-15B0D6C43EAF}) (Version: 8.5.4.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{A9088865-5AB9-4E37-A82F-CB264E0B5415}) (Version: 1.0.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2590940804-3939260128-1084211970-1005\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.8 - PDF Complete, Inc)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
RSA Smart Card Middleware 3.5 (HKLM-x32\...\{AC2F9FCC-170E-4B0B-84AB-7307A373570F}) (Version: 3.5.3.36 - RSA, The Security Division of EMC)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.2L24 - PFU)
ScanSnap Manager (x32 Version: 6.2.24.1.1 - PFU) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamViewer 7 Host (HKLM-x32\...\TeamViewer 7 Host) (Version: 7.0.39049 - TeamViewer)
ThomasLloyd Angebotsrechner (HKLM-x32\...\{862BD6A8-0749-4A99-9D59-52788987527D}) (Version: 1.1.1.0 - testroom.de)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
VHV RECOMAX (HKLM-x32\...\{53CFF9B1-4ED7-4114-8ECF-ADD13BC8AC57}) (Version: 7.02 - VHV Allgemeine Versicherung AG)
VHV-Tarifprogramm (HKLM-x32\...\{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}) (Version: 56.0.23 - VHV Allgemeine Versicherung AG)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader (05/17/2005 5.2.3790.2444) (HKLM\...\E38B2136962D21A7BDE5AAC98CD1C6EA6B6D0687) (Version: 05/17/2005 5.2.3790.2444 - Microsoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2590940804-3939260128-1084211970-1005_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\**** ****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2590940804-3939260128-1084211970-1005_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\**** ****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2590940804-3939260128-1084211970-1005_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\**** ****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2590940804-3939260128-1084211970-1005_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\**** ****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
14-04-2015 11:08:39 Geplanter Prüfpunkt
23-04-2015 15:42:49 Geplanter Prüfpunkt
28-04-2015 09:50:31 Revo Uninstaller's restore point - Google Chrome
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {272DBC88-A190-4FFB-9C24-A6282BD392B6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OPFNB01W8-**** **** OPFNB01W8 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {283C14AF-81EC-4939-8558-3336DAC9B908} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {3A274FC1-1AAB-4631-B2AE-0E368FDC531F} - System32\Tasks\Opera scheduled Autoupdate 1422520709 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {495328ED-3FD7-4B99-8761-EB22C798478A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510FADD1-8F1D-4177-9A29-DA42CB0D5391} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {621DA10D-C293-466A-9C5B-D0E2E44D692A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {646CA6F1-623C-428D-9FD5-D734514B5A4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {6A3BEE26-6BC1-4BA0-8A9F-E84DC15C54AB} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {822F43A7-325E-4D93-BBB8-242A9F8D36DE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: {86C4695D-D0CC-4240-86F7-ADE44DE57BD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {88538267-0352-4F39-9475-1BF15B6266E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {A29C86C1-3E0D-44D6-9C10-142F079EABF0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A75C9BDF-A962-464B-8D22-F14451E54922} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {CE6E79F9-3AE9-4356-8549-AD866EC61C0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-08] (Hewlett-Packard Company)
Task: {E44F60F7-F3D8-45BC-BF4F-EDCEBF8E4844} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F89CC9E3-4FDD-4E3D-BCC6-2E0FE6F736B3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {FC0BAAA3-DDE6-4328-8010-562C8F4B5826} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-20 08:01 - 2015-02-20 08:01 - 00022528 _____ () C:\WINDOWS\System32\us001lm.dll
2014-03-20 13:05 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-15 00:13 - 2012-08-15 00:13 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2012-08-15 00:11 - 2012-08-15 00:11 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-11-23 07:07 - 2012-07-18 08:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-15 00:11 - 2012-08-15 00:11 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-08-15 00:16 - 2012-08-15 00:16 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-08-16 03:20 - 2012-08-16 03:20 - 00356352 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-08-15 00:13 - 2012-08-15 00:13 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-08-15 00:13 - 2012-08-15 00:13 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2590940804-3939260128-1084211970-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\**** ****\Pictures\Silke Australien 2013 Teil 1\DSCN0280.JPG
DNS Servers: 192.168.10.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "T-Mobile ModemListener"
HKU\S-1-5-21-2590940804-3939260128-1084211970-1005\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-2590940804-3939260128-1084211970-1005\...\StartupApproved\Run: => "LiveSupport"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{BF570D48-FD72-4CE0-A195-2AAFDF04F0EC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3A66DE75-B5F7-40CB-A9D8-3CD06F9E3599}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B18D1BF7-75D9-43AB-861C-9C64FFAD571D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{90CADE6C-4D06-4101-8FEF-39EB26CFD89A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{AD488724-B811-4BD0-856C-E2F4FCD7EF58}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C57CC452-2B11-4BC4-884D-538206597FA4}] => (Allow) LPort=1900
FirewallRules: [{F6359149-A25D-463F-A93E-BE84EC705C18}] => (Allow) LPort=2869
FirewallRules: [{7C1963A4-5537-4C98-8442-498F01FE4C4F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{45912809-7EE6-4936-B3E8-FE29B5DA12B4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{7C4F15F6-7DC7-4E51-BCED-769D5D757F10}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{4033EFED-3F5B-435C-B2A1-14BD0E10FCCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{DA2C7ADA-EAEA-4662-8DBC-80D464C2B688}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{B63533A3-8D06-428F-8405-6F95B313D8E7}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{510FD41E-0942-428A-9415-10FCE499018D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{7917D16F-4001-4962-95D1-6A53E763E2C5}] => (Allow) C:\Users\serviceuser\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{438F6351-08B9-4A91-9581-243CB3C7A710}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0E275AA3-BC6F-4D02-8F52-5932253FE7D6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0CFBD356-7374-440D-9E97-CAEE7105882A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D3BEDA9-70FE-426A-A931-D538995119D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1A4D9E2D-1BD2-45BD-9727-5CFC08349038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BCE6C9B-334A-420F-8AB1-E0E8B6F6E8CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19DE3EA4-9601-4EE6-A437-5D851C64FE26}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{BE062543-9710-4086-B9E1-9768C0D09283}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{B48EE164-CDD7-4BF9-9549-762866AD8E34}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe
FirewallRules: [{45743C02-9EA6-4611-8B0B-A1593B248CA6}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe
FirewallRules: [{874515BA-B32B-469C-A78B-DEE05BCCEE3E}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe
FirewallRules: [{2930F5C4-CECF-4AD8-9B6E-3D429345FF0F}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe
FirewallRules: [{612C1DD8-EE41-408A-8389-070A7295D3DB}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\jre\bin\javaw.exe
FirewallRules: [{239B9F0C-F50F-4C25-AA16-E4D1C9C4A4BC}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\jre\bin\javaw.exe
FirewallRules: [{B635E286-2512-4BAC-BD42-F42737F9E1DE}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\jre\bin\javaw.exe
FirewallRules: [{94C8C81C-9DD7-4AE5-A479-E2AA0CA2265D}] => (Allow) C:\VHV\VHV Tarifprogramm\VPL_APPS\Versandzentrale\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8C4FF156-37B6-4279-B8E1-8EA454F32496}C:\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe] => (Allow) C:\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe
FirewallRules: [UDP Query User{8BD174EF-7932-47A7-B536-D14F36A1C464}C:\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe] => (Allow) C:\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe
FirewallRules: [{9CF0441C-91C9-4D00-A0B7-C84FE55D1DED}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{43561BEB-5186-4FA5-9DB6-37EADA9A5425}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{4E5C47E4-42CB-479B-94B9-7A28A0341093}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{DE311D9E-96F1-4C22-9881-CD62DA8C7F7E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{958202E9-B461-4696-809B-59AD91D0F1B7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{8F01CC0A-811D-44D2-A90D-2198165DA4FE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{12DC2278-FE06-4190-8C24-49F15DB1E2AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/30/2015 10:44:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/30/2015 10:36:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/30/2015 09:43:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BlueSoleilCS.exe, Version: 9.0.716.0, Zeitstempel: 0x5029ea6a
Name des fehlerhaften Moduls: tl_filter.dll, Version: 0.0.0.0, Zeitstempel: 0x5029b6ce
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000d53d
ID des fehlerhaften Prozesses: 0xb94
Startzeit der fehlerhaften Anwendung: 0xBlueSoleilCS.exe0
Pfad der fehlerhaften Anwendung: BlueSoleilCS.exe1
Pfad des fehlerhaften Moduls: BlueSoleilCS.exe2
Berichtskennung: BlueSoleilCS.exe3
Vollständiger Name des fehlerhaften Pakets: BlueSoleilCS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BlueSoleilCS.exe5
Error: (04/29/2015 01:43:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/29/2015 00:29:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/29/2015 09:59:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BlueSoleilCS.exe, Version: 9.0.716.0, Zeitstempel: 0x5029ea6a
Name des fehlerhaften Moduls: tl_filter.dll, Version: 0.0.0.0, Zeitstempel: 0x5029b6ce
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000d53d
ID des fehlerhaften Prozesses: 0x930
Startzeit der fehlerhaften Anwendung: 0xBlueSoleilCS.exe0
Pfad der fehlerhaften Anwendung: BlueSoleilCS.exe1
Pfad des fehlerhaften Moduls: BlueSoleilCS.exe2
Berichtskennung: BlueSoleilCS.exe3
Vollständiger Name des fehlerhaften Pakets: BlueSoleilCS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BlueSoleilCS.exe5
Error: (04/29/2015 09:58:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BlueSoleilCS.exe, Version: 9.0.716.0, Zeitstempel: 0x5029ea6a
Name des fehlerhaften Moduls: tl_filter.dll, Version: 0.0.0.0, Zeitstempel: 0x5029b6ce
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000d53d
ID des fehlerhaften Prozesses: 0x79c
Startzeit der fehlerhaften Anwendung: 0xBlueSoleilCS.exe0
Pfad der fehlerhaften Anwendung: BlueSoleilCS.exe1
Pfad des fehlerhaften Moduls: BlueSoleilCS.exe2
Berichtskennung: BlueSoleilCS.exe3
Vollständiger Name des fehlerhaften Pakets: BlueSoleilCS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BlueSoleilCS.exe5
Error: (04/29/2015 09:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_G Data Security Setup, Version: 1.0.15051.670, Zeitstempel: 0x54e70822
Name des fehlerhaften Moduls: gdig9NNXFH.dll.tmp_unloaded, Version: 1.0.15051.669, Zeitstempel: 0x54e707d2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002775
ID des fehlerhaften Prozesses: 0x10e4
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_G Data Security Setup0
Pfad der fehlerhaften Anwendung: setup.exe_G Data Security Setup1
Pfad des fehlerhaften Moduls: setup.exe_G Data Security Setup2
Berichtskennung: setup.exe_G Data Security Setup3
Vollständiger Name des fehlerhaften Pakets: setup.exe_G Data Security Setup4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: setup.exe_G Data Security Setup5
Error: (04/29/2015 09:52:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_G Data Security Setup, Version: 1.0.15051.670, Zeitstempel: 0x54e70822
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006e0070
ID des fehlerhaften Prozesses: 0x10e4
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_G Data Security Setup0
Pfad der fehlerhaften Anwendung: setup.exe_G Data Security Setup1
Pfad des fehlerhaften Moduls: setup.exe_G Data Security Setup2
Berichtskennung: setup.exe_G Data Security Setup3
Vollständiger Name des fehlerhaften Pakets: setup.exe_G Data Security Setup4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: setup.exe_G Data Security Setup5
Error: (04/29/2015 09:42:34 AM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: CreateProvider failed (0x80320009)
System errors:
=============
Error: (04/30/2015 03:51:40 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (04/30/2015 03:51:40 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 112.
Error: (04/30/2015 03:51:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (04/30/2015 03:51:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (04/30/2015 03:51:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (04/30/2015 03:51:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 112.
Error: (04/30/2015 03:51:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 112.
Error: (04/30/2015 03:51:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 112.
Error: (04/30/2015 03:46:15 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (04/30/2015 03:46:15 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Microsoft Office Sessions:
=========================
Error: (04/30/2015 10:44:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\VHV\ReCoMax\Treiber\dpinst\ia64\dpinst.exe
Error: (04/30/2015 10:36:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\VHV\ReCoMax\Treiber\dpinst\ia64\dpinst.exe
Error: (04/30/2015 09:43:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.716.05029ea6atl_filter.dll0.0.0.05029b6cec00000940000d53db9401d083195e2f0b0aC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exec:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dlla203040b-ef0c-11e4-bf32-a41731145a48
Error: (04/29/2015 01:43:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\VHV\ReCoMax\Treiber\dpinst\ia64\dpinst.exe
Error: (04/29/2015 00:29:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\VHV\ReCoMax\Treiber\dpinst\ia64\dpinst.exe
Error: (04/29/2015 09:59:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.716.05029ea6atl_filter.dll0.0.0.05029b6cec00000940000d53d93001d0825278bedfc8C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exec:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dllb99bb174-ee45-11e4-bf32-a41731145a48
Error: (04/29/2015 09:58:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.716.05029ea6atl_filter.dll0.0.0.05029b6cec00000940000d53d79c01d0825233eea5f3C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exec:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll79abbce0-ee45-11e4-bf32-a41731145a48
Error: (04/29/2015 09:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_G Data Security Setup1.0.15051.67054e70822gdig9NNXFH.dll.tmp_unloaded1.0.15051.66954e707d2c00000050000277510e401d0825169d7bbd6C:\ProgramData\G Data\Setups\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}\setup.exegdig9NNXFH.dll.tmpb869d6b5-ee44-11e4-bf31-a41731145a48
Error: (04/29/2015 09:52:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_G Data Security Setup1.0.15051.67054e70822unknown0.0.0.000000000c0000005006e007010e401d0825169d7bbd6C:\ProgramData\G Data\Setups\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}\setup.exeunknownb429c85e-ee44-11e4-bf31-a41731145a48
Error: (04/29/2015 09:42:34 AM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: CreateProvider failed (0x80320009)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3976.24 MB
Available physical RAM: 2211.67 MB
Total Pagefile: 4680.24 MB
Available Pagefile: 2504.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:448.7 GB) (Free:361.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:13.42 GB) (Free:1.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)
Partition: GPT Partition Type.
==================== End Of Log ============================ --- --- ---
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by **** **** (administrator) on OPFNB01W8 on 30-04-2015 15:58:15
Running from C:\Users\**** ****\Downloads
Loaded Profiles: **** **** (Available profiles: serviceuser & **** ****)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-06] (IDT, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM-x32\...\Run: [RSA Card Conversion Utility] => C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe [3499728 2010-08-27] (RSA, The Security Division of EMC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-10] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-04-07]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2013-08-08]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\**** ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk [2013-10-03]
ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-04-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-04-12] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2590940804-3939260128-1084211970-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-04-12] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-04-12] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-04-12] (IvoSoft)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10] (Hewlett-Packard)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-04-12] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-04-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-04-12] (IvoSoft)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-08-14] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (YouTube) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (Google Search) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Gmail) - C:\Users\**** ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-15] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-15] (IVT Corporation) [File not signed]
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-06] (IDT, Inc.) [File not signed]
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-20] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-07] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-07] (G Data Software AG)
R3 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-07] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230400 2015-04-07] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [91648 2015-04-07] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-07] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-04-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-04-07] (G Data Software AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NWIM; C:\Windows\system32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1862536 2012-07-28] ()
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-30 15:58 - 2015-04-30 15:59 - 00019885 _____ () C:\Users\**** ****\Downloads\FRST.txt
2015-04-30 15:57 - 2015-04-30 15:57 - 00000000 ____D () C:\Users\**** ****\Downloads\FRST-OlderVersion
2015-04-29 10:00 - 2015-04-29 10:00 - 00000000 ____D () C:\Users\**** ****\AppData\Local\Google
2015-04-29 09:38 - 2015-04-29 09:38 - 00000163 _____ () C:\Users\**** ****\Desktop\Spenden für das Trojaner-Board.url
2015-04-28 09:59 - 2015-04-28 09:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-04-28 09:55 - 2015-04-28 09:55 - 02347384 _____ (ESET) C:\Users\**** ****\Downloads\esetsmartinstaller_deu.exe
2015-04-28 09:55 - 2015-04-28 09:55 - 00002232 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 09:55 - 2015-04-28 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-28 09:54 - 2015-04-30 15:59 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 09:54 - 2015-04-30 09:59 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 09:54 - 2015-04-28 09:54 - 00004098 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-28 09:54 - 2015-04-28 09:54 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-27 12:27 - 2015-04-27 12:27 - 00001389 _____ () C:\Users\**** ****\Desktop\MBAM.txt
2015-04-27 11:43 - 2015-04-27 12:14 - 00000000 ____D () C:\AdwCleaner
2015-04-27 11:43 - 2015-04-27 11:43 - 02224640 _____ () C:\Users\**** ****\Downloads\AdwCleaner_4.202.exe
2015-04-27 11:37 - 2015-04-27 11:37 - 00000000 ____D () C:\Users\**** ****\Downloads\RevoUninstallerPortable
2015-04-27 11:36 - 2015-04-27 11:36 - 02785665 _____ (PortableApps.com) C:\Users\**** ****\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-04-27 11:17 - 2015-04-30 15:58 - 00000000 ____D () C:\FRST
2015-04-27 11:13 - 2015-04-30 15:57 - 02101248 _____ (Farbar) C:\Users\**** ****\Downloads\FRST64.exe
2015-04-15 09:20 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 09:20 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 09:20 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 09:20 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 09:20 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 09:20 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 09:20 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 09:20 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 09:20 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 09:20 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 09:20 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 09:20 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 09:20 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 09:20 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 09:20 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 09:20 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 09:20 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 09:20 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 09:20 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 09:19 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 09:19 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 09:19 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 09:19 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 09:19 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 09:19 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 09:19 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 09:19 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 09:19 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 09:19 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 09:19 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 09:19 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 09:19 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 09:19 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 09:19 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 09:19 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 09:19 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 09:19 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 09:19 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 09:19 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 09:19 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 09:19 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 09:19 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 09:19 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 09:19 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 09:19 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 09:19 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 09:19 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 09:19 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 09:19 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 09:19 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 09:19 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 09:19 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 09:19 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 09:19 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 09:19 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 09:19 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 09:19 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 09:19 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 09:19 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 09:19 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 09:19 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 09:19 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 09:19 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 09:19 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 09:19 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 09:19 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 09:19 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 09:19 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 09:19 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 09:19 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-08 09:35 - 2015-04-08 09:35 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-07 10:11 - 2015-04-07 10:11 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-07 10:11 - 2015-04-07 10:11 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-07 09:57 - 2015-04-07 09:57 - 00027648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDKBB64.sys
2015-04-07 09:57 - 2015-04-07 09:57 - 00020992 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDKBFlt64.sys
2015-04-07 09:57 - 2015-04-07 09:57 - 00002000 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-04-07 09:57 - 2015-04-07 09:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2015-04-07 09:57 - 2015-04-07 09:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_GDKBB64_01007.Wdf
2015-04-07 09:57 - 2015-04-07 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-04-07 09:44 - 2015-04-07 09:44 - 00000000 ____D () C:\Users\**** ****\AppData\Roaming\PFU
2015-04-07 09:44 - 2015-04-07 09:44 - 00000000 ____D () C:\Users\**** ****\AppData\Local\PFU
2015-04-07 09:43 - 2015-04-07 09:43 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\**** ****\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-04-07 09:42 - 2013-06-14 17:16 - 01453056 _____ (PFU LIMITED) C:\WINDOWS\system32\SV600u-x64.dll
2015-04-07 09:42 - 2012-12-07 17:03 - 07983104 _____ (PFU LIMITED) C:\WINDOWS\system32\ippiSV600-x64.dll
2015-04-07 09:42 - 2012-12-07 16:44 - 00901120 _____ (PFU LIMITED) C:\WINDOWS\system32\ijlSV600-x64.dll
2015-04-07 09:42 - 2012-04-24 15:02 - 00031744 _____ (PFU) C:\WINDOWS\system32\fj25usb-x64.dll
2015-04-07 09:42 - 2012-02-06 16:15 - 01065472 _____ (PFU LIMITED) C:\WINDOWS\system32\s1300iu-x64.dll
2015-04-07 09:42 - 2010-08-03 18:55 - 00623104 _____ (PFU Limited) C:\WINDOWS\system32\s1100u-x64.dll
2015-04-07 09:42 - 2010-07-23 12:50 - 03073024 _____ (PFU Limited) C:\WINDOWS\system32\ijl5s1100-x64.dll
2015-04-07 09:42 - 2010-07-20 21:18 - 03073024 _____ (PFU Limited) C:\WINDOWS\system32\ijl5s1300i-x64.dll
2015-04-07 09:42 - 2010-07-12 16:55 - 02467328 _____ (PFU Limited) C:\WINDOWS\system32\ippi5s1100-x64.dll
2015-04-07 09:42 - 2010-02-04 02:44 - 02467328 _____ (PFU Limited) C:\WINDOWS\system32\ippi5s1300i-x64.dll
2015-04-07 09:42 - 2009-09-18 22:01 - 00367616 _____ (PFU Limited) C:\WINDOWS\system32\s1300u-x64.dll
2015-04-07 09:42 - 2009-04-23 20:29 - 02873856 _____ (PFU Limited) C:\WINDOWS\system32\ijl5s1300-x64.dll
2015-04-07 09:42 - 2009-04-23 20:29 - 00695296 _____ (PFU Limited) C:\WINDOWS\system32\ippi5s1300-x64.dll
2015-04-07 09:42 - 2008-04-03 08:08 - 00033280 _____ (PFU) C:\WINDOWS\system32\fj52usb-x64.dll
2015-04-07 09:42 - 2007-08-17 16:33 - 00033280 _____ (PFU) C:\WINDOWS\system32\fjmcusb-x64.dll
2015-04-07 09:42 - 2007-07-26 22:47 - 00351744 _____ (PFU Limited) C:\WINDOWS\system32\s300u-x64.dll
2015-04-07 09:42 - 2007-05-23 19:57 - 02873856 _____ (PFU Limited) C:\WINDOWS\system32\ijl5s300-x64.dll
2015-04-07 09:42 - 2007-05-23 19:57 - 00695296 _____ (PFU Limited) C:\WINDOWS\system32\ippi5s300-x64.dll
2015-04-07 09:42 - 2005-02-17 11:55 - 00069632 _____ (PFU LIMITED) C:\WINDOWS\system32\distortion.dll
2015-04-07 09:41 - 2015-04-07 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager
2015-04-07 09:41 - 2015-04-07 09:42 - 00000000 ____D () C:\WINDOWS\SSDriver
2015-04-07 09:40 - 2015-04-07 09:40 - 00000000 ____D () C:\Program Files (x86)\PFU
2015-04-07 09:37 - 2015-04-07 09:43 - 00000000 ____D () C:\Users\**** ****\Downloads\ScanSnap
2015-04-07 09:26 - 2015-04-07 09:34 - 708176168 _____ () C:\Users\**** ****\Downloads\WinScanSnapV62L24WW.exe
2015-04-07 09:16 - 2015-04-07 09:16 - 00000004 _____ () C:\Users\**** ****\AppData\Roaming\appdataFr2.bin
2015-04-07 09:09 - 2015-04-27 15:39 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-07 09:09 - 2015-04-27 11:45 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-07 09:09 - 2015-04-27 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-07 09:09 - 2015-04-27 11:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-07 09:09 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-07 09:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-07 09:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-07 09:09 - 2015-04-07 09:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 09:06 - 2015-04-07 09:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\**** ****\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 09:05 - 2015-04-07 09:48 - 00000000 ____D () C:\Users\**** ****\AppData\Local\Google__
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-30 15:56 - 2013-06-14 15:42 - 00000000 ____D () C:\Outlook PST
2015-04-30 15:56 - 2013-06-14 14:11 - 00000000 ____D () C:\Users\**** ****\Documents\Outlook-Dateien
2015-04-30 15:55 - 2013-08-22 16:46 - 00417984 _____ () C:\WINDOWS\setupact.log
2015-04-30 15:35 - 2014-10-14 12:11 - 01590527 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-30 15:35 - 2013-06-17 14:04 - 00005172 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for OPFNB01W8-**** **** OPFNB01W8
2015-04-30 15:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-30 12:46 - 2013-06-14 13:34 - 00000000 ____D () C:\Users\**** ****\AppData\Local\Packages
2015-04-30 10:19 - 2013-06-14 13:41 - 00000000 ____D () C:\Users\**** ****\AppData\Local\PDFC
2015-04-30 10:00 - 2014-01-04 21:16 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A09FC67-40E2-4857-888D-4AB1348536F3}
2015-04-30 09:44 - 2015-01-29 10:38 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-30 09:43 - 2012-11-23 07:15 - 00004524 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-04-30 09:43 - 2012-08-16 03:46 - 00000787 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-04-29 12:27 - 2013-06-14 13:41 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2590940804-3939260128-1084211970-1005
2015-04-29 10:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-04-29 09:58 - 2012-09-08 11:24 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-29 09:57 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-29 09:44 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-29 09:41 - 2015-01-29 10:38 - 00003842 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1422520709
2015-04-29 09:41 - 2015-01-29 10:38 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-29 09:37 - 2012-11-23 07:15 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-04-29 09:35 - 2014-09-23 23:06 - 00070048 _____ () C:\WINDOWS\PFRO.log
2015-04-28 18:33 - 2015-03-07 14:34 - 00000097 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-04-28 09:55 - 2013-08-05 11:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-27 12:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-21 08:33 - 2013-08-08 16:11 - 00000000 ____D () C:\Users\Public\Documents\VR-NetWorld
2015-04-17 11:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-17 11:25 - 2015-03-18 12:27 - 00799648 _____ () C:\Users\**** ****\Desktop\Bauprojekt Roonallee 14, 22926 Ahrensburg 03_2015.pptx
2015-04-17 10:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 17:00 - 2013-06-17 14:58 - 00001727 _____ () C:\Users\**** ****\Desktop\**** - Verknüpfung.lnk
2015-04-16 11:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 09:23 - 2013-06-10 20:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-16 08:59 - 2013-07-23 01:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 08:54 - 2013-06-10 19:21 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-16 08:54 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 12:30 - 2014-12-10 16:10 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 12:30 - 2014-09-24 09:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 10:05 - 2014-09-24 08:16 - 02010198 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-15 10:05 - 2014-09-24 07:43 - 00858184 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-15 10:05 - 2014-09-24 07:43 - 00196320 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-15 09:19 - 2014-11-13 16:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 01:24 - 2015-03-11 23:33 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2015-03-11 23:33 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 15:54 - 2013-07-02 10:17 - 00106272 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GRD.sys
2015-04-13 15:54 - 2013-07-02 10:17 - 00018160 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GdPhyMem.sys
2015-04-07 10:00 - 2013-06-17 12:12 - 00091648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2015-04-07 09:57 - 2013-06-17 12:11 - 00230400 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2015-04-07 09:57 - 2013-06-17 12:11 - 00150016 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2015-04-07 09:57 - 2013-06-17 12:11 - 00124928 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2015-04-07 09:57 - 2013-06-17 12:11 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2015-04-07 09:57 - 2013-06-17 11:57 - 00000000 ____D () C:\ProgramData\G Data
2015-04-07 09:56 - 2012-09-08 11:35 - 00060226 _____ () C:\WINDOWS\DPINST.LOG
2015-04-07 09:56 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-07 09:41 - 2012-09-08 11:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-01 13:15 - 2013-12-19 11:10 - 00000197 _____ () C:\Users\**** ****\AppData\Roaming\WB.CFG
==================== Files in the root of some directories =======
2015-04-07 09:16 - 2015-04-07 09:16 - 0000004 _____ () C:\Users\**** ****\AppData\Roaming\appdataFr2.bin
2013-12-19 11:10 - 2015-04-01 13:15 - 0000197 _____ () C:\Users\**** ****\AppData\Roaming\WB.CFG
Some content of TEMP:
====================
C:\Users\**** ****\AppData\Local\Temp\Quarantine.exe
C:\Users\**** ****\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-29 12:27
==================== End Of Log ============================ --- --- --- |