Armin1000 | 26.05.2014 18:13 | Hello schrauber, here are the results: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Natasa und Armin at 2014-05-26 19:08:54
Running from C:\Users\Natasa und Armin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3625 - CyberLink Corp.) Hidden
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.2.1.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular 11.5.1.4843) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
FileOpen Client (x64) (HKLM\...\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}) (Version: 3.0.47.900 - FileOpen Systems, Inc.)
Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version: - Oberon Media)
Free 3GP Video Converter version 5.0.6.221 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.6.221 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Game Pack (HKLM-x32\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
Gem Shop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version: - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Insaniquarium Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version: - Oberon Media)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005F0}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Productivity 3.1 Toolbar (HKLM-x32\...\Productivity_3.1 Toolbar) (Version: 6.8.2.0 - Productivity 3.1)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version: - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Restore Points =========================
17-05-2014 04:36:27 Windows Update
18-05-2014 05:33:58 Windows Update
19-05-2014 04:23:59 Windows Update
20-05-2014 05:38:23 Windows Update
21-05-2014 04:16:56 Windows Update
22-05-2014 04:34:36 Windows Update
22-05-2014 19:17:44 Removed iTunes
23-05-2014 16:49:14 Windows Update
25-05-2014 09:12:57 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0669378D-94AC-4A47-9B8A-6E47507F3F66} - System32\Tasks\{64319BAB-851D-4AAB-ACC4-E812E3DE8323} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {09629CDC-2707-4A14-97D1-D32D5C3564D8} - System32\Tasks\{A64B4597-A3A8-4370-99C4-340D84A5F9D1} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {0AB4BD1F-558A-49BA-8452-080C73BA67A2} - System32\Tasks\{6AECF2BA-377E-440A-902E-81708899513C} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {0D361E5F-4B07-41F2-B54C-4B77A8BA245B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {0D67FB2C-AC4F-4260-9085-C0CCEE9C6DF6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-23] (Microsoft Corporation)
Task: {0E770F45-7A8B-4EF9-835C-D58A42D868A8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {15C1B4F0-73D1-40C4-A315-5F7532A74279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)
Task: {1685421F-BE19-48AD-BAEC-14E90FAF39F8} - System32\Tasks\{BCE4E927-7BEA-4B7C-AA7F-971D0225DD3D} => C:\Program Files\Windows Repair\Tweaking.com - Windows Repair\Repair_Windows.exe [2014-04-16] (Tweaking.com)
Task: {274734B8-FE57-40B2-BEEC-5259D7536269} - System32\Tasks\{4B1046B0-DE81-435D-8551-053CB4E64791} => C:\Program Files\Windows Repair\Tweaking.com - Windows Repair\Repair_Windows.exe [2014-04-16] (Tweaking.com)
Task: {27AFDB44-EEC8-42F2-B4A8-326D51F47EB1} - System32\Tasks\{12E715F7-E5F2-4653-A9B4-224E9E1B26E5} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {2AEF1649-DC66-45B5-80A5-F3EAE3B4FEED} - System32\Tasks\{F8C4B024-311F-485F-BD32-451FCAB94929} => C:\Program Files\Windows Repair\Tweaking.com - Windows Repair\Repair_Windows.exe [2014-04-16] (Tweaking.com)
Task: {2B4A87DF-A524-4911-8762-45811ABCAF7D} - System32\Tasks\{7FD7DAF0-373E-432D-ACEB-82141534FBD5} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {32E9F075-250A-4FCC-8222-57C0293AA532} - System32\Tasks\{712CC67B-5E03-4302-BE12-3BD9212E30F1} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {33A1E29B-1A57-4EED-9079-B77A951935A5} - System32\Tasks\{CB31438F-68BD-4CC1-9691-9C158531AF7A} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {3F5032B5-1ACA-40ED-8E8C-85E2E91F503E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-17] (Samsung Electronics Co., Ltd.)
Task: {44A8A210-B5C1-4B10-8821-0EFFB7ED3FB2} - System32\Tasks\{1FC6F5E2-CB02-4493-B40B-5F392180348C} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {452259E0-3563-4448-B8E5-93821FECFE10} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-04-23] (Search Results, LLC)
Task: {57C6817E-665B-4E89-8E01-F6EE7247FB02} - System32\Tasks\{0255DF94-D006-44B1-AD3F-0E0EB16A94EE} => C:\Program Files\Windows Repair\Tweaking.com - Windows Repair\Repair_Windows.exe [2014-04-16] (Tweaking.com)
Task: {71BF75CB-A622-4225-B685-B4CDDFB9CB4A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-23] (Microsoft Corporation)
Task: {74FC7394-AF00-4927-A35D-0AB7558ED453} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8C486767-AED4-465E-A7E4-4C5C97BD3CD1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {8D0BFD9A-4430-4BDC-876A-FD8E19B1BE9C} - System32\Tasks\{088C32C4-4A56-4180-B3FF-DAAADB90666C} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {932A1D65-DE29-473F-8498-4431D1EAA72D} - System32\Tasks\{DE1EA9E1-65A2-459A-A99F-8F893C15DC4F} => C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe [2014-05-20] ()
Task: {9C4C3911-9E15-438F-9EC7-93D502D9BDCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)
Task: {A16FE5B0-0B6A-4D96-9CFE-F132C800A855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B555A4F3-8D04-4DFE-89BF-9EB7DC71C782} - System32\Tasks\{A76075EB-21C0-4A94-88DE-92EBA756C5F4} => C:\Program Files\Windows Repair\Tweaking.com - Windows Repair\Repair_Windows.exe [2014-04-16] (Tweaking.com)
Task: {C4F7CA60-F41B-4DFA-87D2-BB4E955248C6} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {D1633233-AD77-479B-BD77-7E40B0A12CF2} - \DTReg No Task File <==== ATTENTION
Task: {D5F3117C-6EA6-45D1-B3CA-6FB138FA81EC} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {DD742FD1-D09A-4E3F-95D9-28D4B15112E0} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {EEA2A079-7FCE-4ABB-BDD3-F8D69CC2F2C0} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2012-01-29 13:55 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-06-14 12:58 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-04-23 12:35 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-26 21:32 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-04-02 20:23 - 2013-04-01 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-06-14 13:02 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-09 19:20 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 19:20 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 19:20 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 19:20 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 19:20 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 19:20 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:2430E4FC
AlternateDataStreams: C:\ProgramData\Temp:268F887D
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: TSSTcorp CDDVDW TS-L633J
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/26/2014 06:56:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.2.292, Zeitstempel: 0x52a6d152
Name des fehlerhaften Moduls: mfc100u.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2e0e6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001ebd89
ID des fehlerhaften Prozesses: 0xd84
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3
Error: (05/26/2014 06:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 88084654
Error: (05/26/2014 06:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 88084654
Error: (05/26/2014 06:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/25/2014 06:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4165
Error: (05/25/2014 06:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4165
Error: (05/25/2014 06:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/25/2014 06:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120
Error: (05/25/2014 06:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3120
Error: (05/25/2014 06:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (05/25/2014 11:17:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Filter Pack 2.0 (KB2878281) 32-Bit-Edition
Error: (05/25/2014 11:17:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2010 (KB2880971) 32-Bit-Edition
Error: (05/25/2014 11:17:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5 und 4.5.1 unter Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2931368)
Error: (05/23/2014 06:51:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Filter Pack 2.0 (KB2878281) 32-Bit-Edition
Error: (05/23/2014 06:50:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2010 (KB2880971) 32-Bit-Edition
Error: (05/23/2014 06:50:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5 und 4.5.1 unter Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2931368)
Error: (05/22/2014 09:14:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (05/22/2014 08:35:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
Error: (05/22/2014 08:32:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (05/22/2014 08:31:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (05/26/2014 06:56:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.2.29252a6d152mfc100u.dll10.0.40219.3254df2e0e6c0000005001ebd89d8401cf790378ceb858C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\Windows\system32\mfc100u.dllb9a0937c-e4f6-11e3-af69-002454e7e3c7
Error: (05/26/2014 06:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 88084654
Error: (05/26/2014 06:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 88084654
Error: (05/26/2014 06:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/25/2014 06:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4165
Error: (05/25/2014 06:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4165
Error: (05/25/2014 06:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/25/2014 06:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120
Error: (05/25/2014 06:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3120
Error: (05/25/2014 06:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Percentage of memory in use: 59%
Total physical RAM: 3032.61 MB
Available physical RAM: 1241.8 MB
Total Pagefile: 6063.4 MB
Available Pagefile: 3732.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.39 GB) (Free:18.71 GB) NTFS
Drive d: () (Fixed) (Total:106.39 GB) (Free:106.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: EA9CBF94)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=106 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Natasa und Armin (administrator on 26-05-2014) 19:07:39
Running from C:\Users\Natasa und Armin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(FileOpen Systems Inc.) C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-14] (Google Inc.)
HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-14] (Google Inc.)
HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
URLSearchHook: HKLM-x32 - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File
URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll No File
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKCU - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - {777A245C-D638-4D06-98C2-D124300EBEFC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0EF84A43-2013-493D-BBBF-9276B06E1C8C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {0EF84A43-2013-493D-BBBF-9276B06E1C8C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {777A245C-D638-4D06-98C2-D124300EBEFC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE425
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {BFE4BC16-D4E3-4556-890A-E03DD7EB0E7C} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {C3777C87-018C-470A-BAA4-84AD3FCAA7E7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO-x32: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO-x32: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
BHO-x32: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - No File
BHO-x32: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM - No Name - !{B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - No Name - {9427041a-a8dc-4d06-9a68-93873486e957} - No File
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM-x32 - No Name - !{B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - No File
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - No File
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - No File
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF HKCU\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\Natasa und Armin\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF Extension: SpecialSavings - C:\Users\Natasa und Armin\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-03-05]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Extension: (Allin1Convert) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\Natasa und Armin\AppData\Roaming\SpecialSavings\SpecialSavings.crx [2013-08-28]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-04-11] (APN LLC.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [331648 2011-03-09] (FileOpen Systems Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-11-03] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 hfucpqnp; \??\C:\Windows\system32\drivers\hfucpqnp.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-25 11:23 - 2014-05-25 11:46 - 00000000 ____D () C:\AdwCleaner
2014-05-22 21:44 - 2014-05-22 21:44 - 00002998 _____ () C:\Windows\System32\Tasks\{7FD7DAF0-373E-432D-ACEB-82141534FBD5}
2014-05-22 21:42 - 2014-05-22 21:42 - 00002998 _____ () C:\Windows\System32\Tasks\{6AECF2BA-377E-440A-902E-81708899513C}
2014-05-22 21:40 - 2014-05-22 21:40 - 00002998 _____ () C:\Windows\System32\Tasks\{64319BAB-851D-4AAB-ACC4-E812E3DE8323}
2014-05-22 21:33 - 2014-05-22 21:33 - 00002998 _____ () C:\Windows\System32\Tasks\{088C32C4-4A56-4180-B3FF-DAAADB90666C}
2014-05-22 21:32 - 2014-05-22 21:32 - 00002998 _____ () C:\Windows\System32\Tasks\{12E715F7-E5F2-4653-A9B4-224E9E1B26E5}
2014-05-22 21:30 - 2014-05-22 21:30 - 00002998 _____ () C:\Windows\System32\Tasks\{DE1EA9E1-65A2-459A-A99F-8F893C15DC4F}
2014-05-22 21:30 - 2014-05-22 21:30 - 00002998 _____ () C:\Windows\System32\Tasks\{1FC6F5E2-CB02-4493-B40B-5F392180348C}
2014-05-22 21:05 - 2014-05-22 21:05 - 00002998 _____ () C:\Windows\System32\Tasks\{A64B4597-A3A8-4370-99C4-340D84A5F9D1}
2014-05-22 21:02 - 2014-05-22 21:02 - 00002998 _____ () C:\Windows\System32\Tasks\{712CC67B-5E03-4302-BE12-3BD9212E30F1}
2014-05-22 20:57 - 2014-05-22 20:57 - 00002998 _____ () C:\Windows\System32\Tasks\{CB31438F-68BD-4CC1-9691-9C158531AF7A}
2014-05-22 20:29 - 2014-05-22 20:29 - 00000000 _____ () C:\Windows\SysWOW64\sho85F.tmp
2014-05-20 21:18 - 2014-05-20 21:17 - 01326389 _____ () C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe
2014-05-20 21:17 - 2014-05-20 21:16 - 00448512 _____ (OldTimer Tools) C:\Users\Natasa und Armin\Desktop\TFC.exe
2014-05-17 06:42 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 06:42 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 06:42 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 06:42 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 06:42 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 06:42 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 22:02 - 2014-05-16 22:02 - 00003050 _____ () C:\Windows\System32\Tasks\{4B1046B0-DE81-435D-8551-053CB4E64791}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{F8C4B024-311F-485F-BD32-451FCAB94929}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{BCE4E927-7BEA-4B7C-AA7F-971D0225DD3D}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{A76075EB-21C0-4A94-88DE-92EBA756C5F4}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{0255DF94-D006-44B1-AD3F-0E0EB16A94EE}
2014-05-16 09:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 09:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 09:43 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 09:43 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 09:43 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 09:43 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 09:43 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 09:43 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 09:43 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 09:43 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 09:43 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 09:43 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 09:43 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 09:43 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 09:43 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 09:43 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 09:43 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 09:43 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 09:43 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 09:43 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 09:43 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 09:43 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 09:43 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 09:43 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 09:43 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 09:43 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 09:43 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 09:43 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 20:45 - 2014-05-14 20:47 - 00000000 ____D () C:\Program Files\Windows Repair
2014-05-14 20:45 - 2014-05-14 20:45 - 00000000 ____D () C:\Program Files\Neuer Ordner
2014-05-11 23:38 - 2014-05-11 23:38 - 00855379 _____ () C:\Users\Natasa und Armin\Desktop\SecurityCheck.exe
2014-05-10 21:59 - 2014-05-10 21:59 - 00006844 _____ () C:\Users\Natasa und Armin\Desktop\JRT.txt
2014-05-10 21:46 - 2014-05-10 21:46 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 21:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-10 20:26 - 2014-05-25 11:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 20:26 - 2014-05-23 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 20:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-10 20:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 20:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 10:28 - 2014-05-10 10:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Natasa und Armin\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-09 21:53 - 2014-05-26 19:07 - 00000000 ____D () C:\Users\Natasa und Armin\Desktop\FRST-OlderVersion
2014-05-09 20:41 - 2014-05-09 21:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-09 20:36 - 2014-05-08 17:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Natasa und Armin\Desktop\revosetup95.exe
2014-05-07 19:46 - 2014-05-23 23:35 - 00034644 _____ () C:\Users\Natasa und Armin\Desktop\Addition.txt
2014-05-07 19:44 - 2014-05-26 19:08 - 00019666 _____ () C:\Users\Natasa und Armin\Desktop\FRST.txt
2014-05-07 19:44 - 2014-05-26 19:07 - 00000000 ____D () C:\FRST
2014-05-07 19:42 - 2014-05-26 19:07 - 02066944 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST64.exe
2014-05-01 16:50 - 2014-05-17 07:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-05-26 19:08 - 2014-05-07 19:44 - 00019666 _____ () C:\Users\Natasa und Armin\Desktop\FRST.txt
2014-05-26 19:07 - 2014-05-09 21:53 - 00000000 ____D () C:\Users\Natasa und Armin\Desktop\FRST-OlderVersion
2014-05-26 19:07 - 2014-05-07 19:44 - 00000000 ____D () C:\FRST
2014-05-26 19:07 - 2014-05-07 19:42 - 02066944 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST64.exe
2014-05-26 19:07 - 2010-06-14 12:51 - 01387655 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 19:04 - 2012-04-08 11:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 18:57 - 2011-04-01 21:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-26 18:56 - 2011-04-01 21:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 11:46 - 2014-05-25 11:23 - 00000000 ____D () C:\AdwCleaner
2014-05-25 11:22 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 11:22 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 11:13 - 2014-05-10 20:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 23:35 - 2014-05-07 19:46 - 00034644 _____ () C:\Users\Natasa und Armin\Desktop\Addition.txt
2014-05-23 23:10 - 2014-05-10 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-23 22:51 - 2013-09-26 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-23 22:51 - 2013-09-26 21:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-22 21:44 - 2014-05-22 21:44 - 00002998 _____ () C:\Windows\System32\Tasks\{7FD7DAF0-373E-432D-ACEB-82141534FBD5}
2014-05-22 21:42 - 2014-05-22 21:42 - 00002998 _____ () C:\Windows\System32\Tasks\{6AECF2BA-377E-440A-902E-81708899513C}
2014-05-22 21:40 - 2014-05-22 21:40 - 00002998 _____ () C:\Windows\System32\Tasks\{64319BAB-851D-4AAB-ACC4-E812E3DE8323}
2014-05-22 21:33 - 2014-05-22 21:33 - 00002998 _____ () C:\Windows\System32\Tasks\{088C32C4-4A56-4180-B3FF-DAAADB90666C}
2014-05-22 21:32 - 2014-05-22 21:32 - 00002998 _____ () C:\Windows\System32\Tasks\{12E715F7-E5F2-4653-A9B4-224E9E1B26E5}
2014-05-22 21:30 - 2014-05-22 21:30 - 00002998 _____ () C:\Windows\System32\Tasks\{DE1EA9E1-65A2-459A-A99F-8F893C15DC4F}
2014-05-22 21:30 - 2014-05-22 21:30 - 00002998 _____ () C:\Windows\System32\Tasks\{1FC6F5E2-CB02-4493-B40B-5F392180348C}
2014-05-22 21:13 - 2011-04-01 18:26 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-22 21:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 21:13 - 2009-07-14 06:51 - 00094902 _____ () C:\Windows\setupact.log
2014-05-22 21:05 - 2014-05-22 21:05 - 00002998 _____ () C:\Windows\System32\Tasks\{A64B4597-A3A8-4370-99C4-340D84A5F9D1}
2014-05-22 21:02 - 2014-05-22 21:02 - 00002998 _____ () C:\Windows\System32\Tasks\{712CC67B-5E03-4302-BE12-3BD9212E30F1}
2014-05-22 20:57 - 2014-05-22 20:57 - 00002998 _____ () C:\Windows\System32\Tasks\{CB31438F-68BD-4CC1-9691-9C158531AF7A}
2014-05-22 20:30 - 2010-06-14 13:34 - 01154366 _____ () C:\Windows\PFRO.log
2014-05-22 20:29 - 2014-05-22 20:29 - 00000000 _____ () C:\Windows\SysWOW64\sho85F.tmp
2014-05-21 20:31 - 2010-06-15 05:23 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-05-21 20:31 - 2010-06-15 05:23 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-05-21 20:31 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 06:51 - 2011-04-01 18:32 - 00000000 ____D () C:\ProgramData\OberonGameConsole
2014-05-20 21:17 - 2014-05-20 21:18 - 01326389 _____ () C:\Users\Natasa und Armin\Desktop\adwcleaner_3.210.exe
2014-05-20 21:16 - 2014-05-20 21:17 - 00448512 _____ (OldTimer Tools) C:\Users\Natasa und Armin\Desktop\TFC.exe
2014-05-17 08:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-17 07:05 - 2013-08-14 20:43 - 00000306 __RSH () C:\Users\Natasa und Armin\ntuser.pol
2014-05-17 07:05 - 2011-04-01 18:38 - 00000000 ___RD () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 07:05 - 2011-04-01 18:38 - 00000000 ___RD () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 07:05 - 2011-04-01 18:26 - 00000000 ____D () C:\Users\Natasa und Armin
2014-05-17 07:00 - 2014-05-01 16:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 06:41 - 2013-08-19 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 06:39 - 2011-04-06 21:40 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 22:02 - 2014-05-16 22:02 - 00003050 _____ () C:\Windows\System32\Tasks\{4B1046B0-DE81-435D-8551-053CB4E64791}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{F8C4B024-311F-485F-BD32-451FCAB94929}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{BCE4E927-7BEA-4B7C-AA7F-971D0225DD3D}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{A76075EB-21C0-4A94-88DE-92EBA756C5F4}
2014-05-16 21:58 - 2014-05-16 21:58 - 00003050 _____ () C:\Windows\System32\Tasks\{0255DF94-D006-44B1-AD3F-0E0EB16A94EE}
2014-05-14 20:47 - 2014-05-14 20:45 - 00000000 ____D () C:\Program Files\Windows Repair
2014-05-14 20:45 - 2014-05-14 20:45 - 00000000 ____D () C:\Program Files\Neuer Ordner
2014-05-14 20:43 - 2012-04-08 11:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:43 - 2012-02-22 21:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-11 23:38 - 2014-05-11 23:38 - 00855379 _____ () C:\Users\Natasa und Armin\Desktop\SecurityCheck.exe
2014-05-10 21:59 - 2014-05-10 21:59 - 00006844 _____ () C:\Users\Natasa und Armin\Desktop\JRT.txt
2014-05-10 21:46 - 2014-05-10 21:46 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 21:07 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 10:28 - 2014-05-10 10:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Natasa und Armin\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-09 21:48 - 2014-05-09 20:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-09 21:24 - 2011-09-27 20:23 - 00001692 _____ () C:\prefs.js
2014-05-09 08:14 - 2014-05-16 09:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-16 09:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 17:51 - 2014-05-09 20:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Natasa und Armin\Desktop\revosetup95.exe
2014-05-06 06:40 - 2014-05-17 06:42 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 06:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 06:42 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 06:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 06:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 06:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 21:52 - 2011-12-14 22:05 - 00000000 ____D () C:\Users\Natasa und Armin\Tracing
2014-05-03 08:18 - 2009-07-14 06:45 - 00445752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 20:30 - 2010-06-14 13:03 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-01 20:30 - 2010-06-14 12:47 - 00000000 ____D () C:\Windows\SysWOW64\x64
2014-05-01 20:30 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-01 20:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-05-01 20:29 - 2010-06-15 05:08 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-01 20:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-01 20:28 - 2011-04-01 22:26 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\SoftGrid Client
2014-05-01 20:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 20:59 - 2012-04-08 11:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-26 23:20 - 2014-03-30 20:32 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Kabel Deutschland
Files to move or delete:
====================
C:\Users\Natasa und Armin\chromeinstall-7u5.exe
Some content of TEMP:
====================
C:\Users\Natasa und Armin\AppData\Local\Temp\avgnt.exe
C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Natasa und Armin\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-19 06:45
==================== End Of Log ============================