UlliLang | 04.02.2015 15:55 | Positive Finds - Windows 8.1
Hi.
I have caught Positive Finds (apparently by installing an MP3 ripper) and cannot get rid of it!
What I have done so far:
1. Uninstalled Positive Finds as a program in the Windows Control Panel
2. Had Malwarebytes Anti-Malware scan, find and delete.
3. Had HitmanPro scan
4. Reset Chrome and Firefox
Unfortunately no success - ads from Positive Finds and new tabs keep appearing.
Here are the scan logs from FRST and Malwarebytes:
Many thanks
Ulli
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Ulli (administrator) on MEDION_AKOYA on 04-02-2015 15:26:10
Running from C:\Users\Ulli\Desktop
Loaded Profiles: Ulli & (Available profiles: Ulli)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\WM2014.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [onlinebrief24-ebdhelper] => C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe [692224 2014-06-04] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [Google+ Auto Backup] => "C:\Users\Ulli\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [GoogleChromeAutoLaunch_F6A3317DD97F8A33E96BB46D3400FE8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {0b5c7df5-802c-11e4-82b7-d43d7eb05526} - "H:\startme.exe"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {79540f5c-8591-11e4-82b7-d43d7eb05526} - "I:\Startme.exe"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {90aa118e-87e7-11e3-8275-801f02ddb352} - "H:\setup64.exe"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => "C:\Users\Ulli\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_F6A3317DD97F8A33E96BB46D3400FE8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0b5c7df5-802c-11e4-82b7-d43d7eb05526} - "H:\startme.exe"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {79540f5c-8591-11e4-82b7-d43d7eb05526} - "I:\Startme.exe"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {90aa118e-87e7-11e3-8275-801f02ddb352} - "H:\setup64.exe"
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK
ShortcutTarget: Radio.fx.LNK -> C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files (x86)\ANDI 2014\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\qlcv7kpz.default-1422973342051
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3911576866-2457419995-2319590870-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-26]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331400&octid=EB_ORIGINAL_CTID&ISID=MD18EECA1-4517-42A2-AE45-14F39DFA3445&SearchSource=55&CUI=&UM=6&UP=SPA6D04EAA-1147-47E8-BCE3-13A979B2B086&SSPV=
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/#inbox", "chrome://newtab/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-23]
CHR Extension: (Google-Suche) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]
CHR Extension: (Ultimate Google Docs Viewer) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgbhipncfdgcekflcoelhmnkcfdfjcl [2014-01-25]
CHR Extension: (Google Kalender) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (Avira Browserschutz) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-07]
CHR Extension: (AdBlock) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-25]
CHR Extension: (IE Tab) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-13]
CHR Extension: (Blogger) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-01-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Mail-Checker) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Google Quick Scroll) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-01-25]
CHR Extension: (Picasa) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-25]
CHR Extension: (Google Mail) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]
CHR HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-06-02] (SafeNet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-03] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-06-02] (SafeNet Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 15:26 - 2015-02-04 15:26 - 00029272 _____ () C:\Users\Ulli\Desktop\FRST.txt
2015-02-04 15:26 - 2015-02-04 15:23 - 02131456 _____ (Farbar) C:\Users\Ulli\Desktop\FRST64.exe
2015-02-04 15:23 - 2015-02-04 15:26 - 00000000 ____D () C:\FRST
2015-02-03 15:50 - 2015-02-03 15:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-02-03 15:38 - 2015-02-03 15:38 - 00001925 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-03 15:38 - 2015-02-03 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-03 15:38 - 2015-02-03 15:38 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-03 15:37 - 2015-02-03 15:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-03 15:22 - 2015-02-03 15:22 - 00000000 ____D () C:\Users\Ulli\Desktop\Alte Firefox-Daten
2015-02-03 14:55 - 2015-02-03 17:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 14:55 - 2015-02-03 14:55 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 14:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-03 14:55 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-03 14:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-03 14:47 - 2015-02-03 14:47 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Tobit
2015-02-02 17:09 - 2015-02-02 17:09 - 00000987 _____ () C:\Users\Public\Desktop\CDex.lnk
2015-02-02 17:09 - 2015-02-02 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-02-02 17:08 - 2015-02-03 08:48 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-31 11:13 - 2015-02-02 17:04 - 00000040 _____ () C:\Users\Ulli\AppData\Roaming\cdr.ini
2015-01-31 11:13 - 2015-01-31 11:13 - 00001018 _____ () C:\Users\Ulli\Desktop\Free CD to MP3 Converter.lnk
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Eusing
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2015-01-31 11:13 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\Windows\WM8EUTIL.exe
2015-01-31 11:12 - 2015-01-31 11:12 - 01906385 _____ () C:\Users\Ulli\Downloads\cdtomp3freeware.exe
2015-01-30 10:29 - 2015-02-02 17:09 - 00000000 ____D () C:\Program Files (x86)\CDex
2015-01-30 10:29 - 2015-01-30 10:29 - 00000000 ____D () C:\Users\Ulli\AppData\Local\CDex
2015-01-30 09:38 - 2015-01-30 09:46 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\DVDVideoSoft
2015-01-28 13:39 - 2015-01-28 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 13:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 13:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 13:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 13:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 13:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 13:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 13:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 13:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 13:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 13:21 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 13:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 13:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 13:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 13:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 13:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 13:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 13:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 13:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 15:25 - 2014-01-25 12:26 - 00000000 ____D () C:\Users\Ulli\Downloads\Programme
2015-02-04 15:23 - 2013-12-19 10:46 - 01784578 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 15:17 - 2014-09-19 17:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 07:31 - 2014-01-25 11:50 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 04:48 - 2014-01-26 10:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 20:27 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 20:27 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 20:27 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 17:24 - 2014-01-25 11:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3911576866-2457419995-2319590870-1002
2015-02-03 17:11 - 2014-01-25 14:49 - 00000000 ____D () C:\Users\Ulli\Documents\Ulli
2015-02-03 16:31 - 2014-01-25 11:50 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 15:54 - 2014-01-25 11:47 - 00000000 ___DO () C:\Users\Ulli\SkyDrive
2015-02-03 15:53 - 2014-02-26 17:27 - 00000000 ____D () C:\Users\Ulli\Tracing
2015-02-03 15:53 - 2014-02-11 12:38 - 00000000 ___RD () C:\Users\Ulli\Documents\Google Drive
2015-02-03 15:53 - 2014-01-25 14:41 - 00000000 ___RD () C:\Users\Ulli\Dropbox
2015-02-03 15:53 - 2014-01-25 14:38 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Dropbox
2015-02-03 15:52 - 2014-11-03 10:50 - 00000106 _____ () C:\Windows\system32\mfilemon.log
2015-02-03 15:52 - 2013-10-24 09:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 15:52 - 2013-09-12 11:53 - 00162750 _____ () C:\Windows\PFRO.log
2015-02-03 15:52 - 2013-08-22 15:46 - 00111134 _____ () C:\Windows\setupact.log
2015-02-03 15:52 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 15:28 - 2014-02-03 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 15:20 - 2014-05-12 19:00 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-03 14:45 - 2014-06-04 18:13 - 00000000 ____D () C:\AdwCleaner
2015-02-03 14:45 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-03 10:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-02 17:10 - 2014-12-08 13:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-31 01:33 - 2014-01-25 11:51 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 10:34 - 2014-01-25 12:25 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-01-30 10:34 - 2014-01-25 12:25 - 00000034 _____ () C:\Windows\SysWOW64\BD7420.DAT
2015-01-30 10:29 - 2014-01-25 17:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 09:43 - 2014-01-26 10:17 - 00000000 ____D () C:\Users\Ulli\StarMoney 9
2015-01-30 09:36 - 2014-10-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2015-01-29 16:31 - 2014-01-25 14:49 - 00000000 ____D () C:\Users\Ulli\Documents\Betrieb
2015-01-28 05:16 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:34 - 2014-01-25 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 11:06 - 2014-01-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:06 - 2014-01-26 12:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:05 - 2014-11-10 16:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 11:05 - 2014-11-10 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 10:51 - 2014-01-25 14:15 - 00000000 ___RD () C:\Users\Ulli\Desktop\das war dabei
2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:17 - 2014-09-19 17:12 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-19 09:13 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Ulli\Documents\Mieter
2015-01-15 00:12 - 2014-06-19 18:13 - 00000028 _____ () C:\Windows\ODBC.INI
2015-01-14 13:51 - 2014-01-26 18:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:46 - 2014-01-26 18:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 13:09 - 2014-02-26 17:28 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Windows Live Writer
==================== Files in the root of some directories =======
2014-05-12 19:04 - 2014-05-23 14:54 - 0000096 _____ () C:\Users\Ulli\AppData\Roaming\Camdata.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0000408 _____ () C:\Users\Ulli\AppData\Roaming\CamLayout.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0000408 _____ () C:\Users\Ulli\AppData\Roaming\CamShapes.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0004547 _____ () C:\Users\Ulli\AppData\Roaming\CamStudio.cfg
2015-01-31 11:13 - 2015-02-02 17:04 - 0000040 _____ () C:\Users\Ulli\AppData\Roaming\cdr.ini
2014-05-12 19:02 - 2014-05-23 14:36 - 0000096 _____ () C:\Users\Ulli\AppData\Roaming\version2.xml
2014-01-27 18:20 - 2014-01-28 00:16 - 0003584 _____ () C:\Users\Ulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-24 09:46 - 2013-10-24 09:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-24 09:58 - 2013-10-24 09:58 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-24 09:52 - 2013-10-24 09:56 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-24 09:51 - 2013-10-24 09:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-24 09:57 - 2013-10-24 09:58 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-24 09:51 - 2013-10-24 09:52 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-24 09:56 - 2013-10-24 09:56 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log
Some content of TEMP:
====================
C:\Users\Ulli\AppData\Local\Temp\2630_3.22.1095_117Y.exe
C:\Users\Ulli\AppData\Local\Temp\amazonicon_v5.exe
C:\Users\Ulli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Ulli\AppData\Local\Temp\AppLauncher.exe
C:\Users\Ulli\AppData\Local\Temp\avgnt.exe
C:\Users\Ulli\AppData\Local\Temp\COMAP.EXE
C:\Users\Ulli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpibb4lt.dll
C:\Users\Ulli\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ulli\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ulli\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ulli\AppData\Local\Temp\FreeAudioConverter.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ulli\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Ulli\AppData\Local\Temp\ms.exe
C:\Users\Ulli\AppData\Local\Temp\ose00000.exe
C:\Users\Ulli\AppData\Local\Temp\repair4.exe
C:\Users\Ulli\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Ulli\AppData\Local\Temp\sdapskill.exe
C:\Users\Ulli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Ulli\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ulli\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ulli\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Ulli\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Ulli\AppData\Local\Temp\_isD299.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-04 04:19
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Ulli at 2015-02-04 15:26:25
Running from C:\Users\Ulli\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
VIDEO DVR (HKLM-x32\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agrilog (HKLM-x32\...\de.bertelsmann.agrilog.AgrilogPortal) (Version: 0.9.0 - UNKNOWN)
Agrilog (x32 Version: 0.9.0 - UNKNOWN) Hidden
ANDI 2014 (HKLM-x32\...\{4BA6AC5A-A6E5-457F-BE5B-23FBE3D20650}) (Version: 6.0.4 - LGLN Hannover)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Brother MFL-Pro Suite MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{E1E819A4-112C-454D-A3BE-FB58C60A2D80}) (Version: 1.40.0 - Kovid Goyal)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - )
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Works Office (x32 Version: 2013.0.0526 - Trimble Navigation) Hidden
FarmPilotDispo (HKLM-x32\...\de.bertelsmann.farmpilot.FarmPilotDispo) (Version: 4.0.8 - UNKNOWN)
FarmPilotDispo (x32 Version: 4.0.8 - UNKNOWN) Hidden
FarmPilotFlotte (HKLM-x32\...\de.bertelsmann.farmpilot.FarmPilotFlotte) (Version: 4.0.10 - UNKNOWN)
FarmPilotFlotte (x32 Version: 4.0.10 - UNKNOWN) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - Eusing Software)
FWAgDataFodd (HKLM-x32\...\{7A7578D3-B27B-4C2A-9C75-761E973C7782}) (Version: 1.0.28 - Farm Works Software)
FWLsbFOD (HKLM-x32\...\{37C6F31A-4ED1-4DFD-ADC0-31F02D77CE80}) (Version: 1.0.4 - Farm Works Software)
FWVygFOD (HKLM-x32\...\{4EC95BF9-674C-4FB6-94C1-56E2BE8979EE}) (Version: 1.0.74 - Farm Works Software)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Geogrid®-Viewer (x32 Version: 6.3.2.0000 - EADS Deutschland GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
honestech VHS to DVD 2.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office (HKLM-x32\...\{0B1D6943-B40D-4C1A-81B5-8038AC7DA5E4}) (Version: 2013.0.0526 - )
onlinebrief24.de (HKLM-x32\...\eBriefdienst-onlinebrief24) (Version: - )
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Pervasive PSQL v10.10 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10.10 Workgroup (32-bit)) (Version: 10.13.060 - Pervasive Software)
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.13.060 - Pervasive Software) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SmartTools Publishing • Excel Jahreskalender 2015 (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\SmartToolsExcelJahreskalender 2015) (Version: 7.00 - SmartTools Publishing)
SmartTools Publishing • Excel Jahreskalender 2015 (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SmartToolsExcelJahreskalender 2015) (Version: 7.00 - SmartTools Publishing)
SmartTools Publishing • Word Serienmailer (HKLM-x32\...\SmartToolsSerienmailerv3.22) (Version: v3.22 - SmartTools Publishing)
StarMoney (x32 Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0 (HKLM-x32\...\{D7163305-57C0-4BD4-8A04-E4181F6CDEDE}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Top50 V5 Viewer (HKLM-x32\...\{FABDDA3C-3951-428C-AE27-8E180365A061}) (Version: 6.3.2.0000 - EADS Deutschland GmbH)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{060D3CBD-8D3B-35C4-A0D8-49B3E040975A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{0911ECFC-FE5F-4C7F-A9A6-97ADAEE5D6FC}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Programme\SmartTools\Excel Jahreskalender 2015\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{1B158A14-A79D-38C1-B6A1-1A880A3FA50A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{3BA6D0D1-DC24-3DBA-A132-06A1BA807DCB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{59D15BAE-7C4E-3B51-8480-8C9CCB3C5D65}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{5B170D82-E562-3EFB-8139-93698F5A9322}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{5DFD9BFC-435D-3284-8C60-7C3203386798}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6258287F-314C-3558-B92C-28D8EDAAC361}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{660F5B5C-6705-3B5C-B11C-869ED8217FCE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6CD2091E-15F6-3F2F-9D99-DF8A167B51D8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6EEDFCF0-D92D-3891-89F1-B7B745538E4A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8324717F-46C4-3EE7-B07C-30122737A552}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8634B281-0D37-317D-8F77-068938E82BFB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8F0209F9-EC9B-3FCF-997C-A3094FFEF45F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{93289D11-48CF-356C-8BC4-DEDD603DD03B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{958D61DA-921A-3AB8-8A38-0B2943518910}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{A80F214C-0B43-3C02-B064-1FB58E461FE8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B38988F9-3E55-3584-AC7D-44A5229790A8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B6406164-BEED-309C-B0FD-9F055DDF7E1A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B90F3724-195B-33C7-BCB2-EB7D48C4497F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{BB4F4887-B7E8-3483-82D4-C77B21CA984A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{C054C137-9B5A-3830-8B1C-A9955D5F1450}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{C88C785D-8EB2-3BD4-B4BB-6B261F4B46C8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{CEB81839-B60D-3A2B-8445-EBD410FCBAD7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{EBCB8E20-5468-300C-B4E5-61900BD9E341}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{EFC21CD6-B6E1-3A71-946C-73BB2F1F11CD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ulli\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
28-01-2015 05:13:57 Windows Update
30-01-2015 09:39:32 DVDVideoSoftRestorePoint
02-02-2015 17:08:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1CD11D60-DFDF-4EEF-8083-EE201F4D4EFF} - System32\Tasks\{4B192C6B-1C4A-459B-A1B7-EB1D2C5DB14F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {45583031-1E7F-4FBF-BAC7-71FA641308E2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {754B7387-74BE-49B0-82D9-8C01B9902462} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3911576866-2457419995-2319590870-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {9120D1CD-EBE8-46B1-ADE5-9450B64AAC1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {C255F862-33C1-4647-A44D-BE1E81CEC1B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {D572FC10-7557-4D7C-982E-87B6103D6A56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {DB2D7868-DDCF-46EB-9414-9631A26C23C8} - System32\Tasks\{6A60C321-3331-4FFC-AB9A-94B4D0B8D123} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM
Task: {F6160409-8B3A-46EF-AA5B-2AA146EAB2B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD49A7D5-46D3-4D71-8306-733B2368BACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-24 09:36 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-24 10:08 - 2011-08-22 13:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2013-10-24 10:08 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-02-17 17:27 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2014-06-04 15:51 - 2014-06-04 15:51 - 00692224 _____ () C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
2014-06-09 08:25 - 2014-06-09 08:25 - 00059392 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\WM2014.exe
2013-08-22 08:19 - 2013-08-22 07:54 - 00792064 _____ () C:\Windows\system32\WinMetadata\Windows.UI.Xaml.winmd
2014-10-16 05:50 - 2014-10-16 05:50 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-06-09 08:25 - 2014-06-09 08:25 - 00150016 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.Backend.DLL
2014-06-09 08:25 - 2014-06-09 08:25 - 00223744 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.UIBase.DLL
2014-10-16 05:50 - 2014-10-16 05:50 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-16 05:50 - 2014-10-16 05:50 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-06-09 08:25 - 2014-06-09 08:25 - 00076288 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.ViewModels.DLL
2013-08-22 08:19 - 2013-08-22 07:54 - 00121344 _____ () C:\Windows\system32\WinMetadata\Windows.Media.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00054784 _____ () C:\Windows\system32\WinMetadata\Windows.Globalization.winmd
2014-06-09 08:25 - 2014-06-09 08:25 - 00014848 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.WebApi.DLL
2014-06-09 08:25 - 2014-06-09 08:25 - 00034304 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\GoogleAnalytics.winmd
2014-06-09 08:25 - 2014-06-09 08:25 - 00047616 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\GoogleAnalytics.Core.winmd
2014-10-16 05:50 - 2014-10-16 05:50 - 01278464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-16 05:50 - 2014-10-16 05:50 - 00632320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-16 05:50 - 2014-10-16 05:50 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2013-08-22 08:19 - 2013-08-22 07:54 - 00112640 _____ () C:\Windows\system32\WinMetadata\Windows.Networking.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00020480 _____ () C:\Windows\system32\WinMetadata\Windows.System.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00049664 _____ () C:\Windows\system32\WinMetadata\Windows.Graphics.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00169472 _____ () C:\Windows\system32\WinMetadata\Windows.Devices.winmd
2014-08-05 07:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-02-17 17:27 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll
2014-02-17 17:27 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger
2015-02-03 15:52 - 2015-02-03 15:52 - 00098816 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32api.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00110080 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pywintypes27.dll
2015-02-03 15:52 - 2015-02-03 15:52 - 00364544 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pythoncom27.dll
2015-02-03 15:52 - 2015-02-03 15:52 - 00045568 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_socket.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 01160704 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_ssl.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00320512 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32com.shell.shell.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00713216 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_hashlib.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 01175040 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._core_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00805888 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._gdi_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00811008 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._windows_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 01062400 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._controls_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00735232 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._misc_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00557056 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pysqlite2._sqlite.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00128512 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_elementtree.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00127488 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pyexpat.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00087552 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_ctypes.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00119808 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32file.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00108544 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32security.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00007168 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\hashobjs_ext.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00167936 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32gui.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00018432 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32event.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00038912 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32inet.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00011264 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32crypt.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00070656 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._html2.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00027136 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_multiprocessing.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00035840 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32process.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00686080 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\unicodedata.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00122368 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._wizard.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00024064 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32pipe.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00025600 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32pdh.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00525640 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\windows._lib_cacheinvalidation.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00010240 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\select.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00017408 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32profile.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00022528 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32ts.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00078336 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._animate.pyd
2013-10-24 09:56 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-03 15:53 - 2015-02-03 15:53 - 00043008 _____ () c:\users\ulli\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpibb4lt.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2014-01-26 11:52 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2013-10-24 09:26 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-05 17:32 - 2007-10-01 15:35 - 00155648 ____N () C:\NLBW\Programm\axberega.DLL
2015-01-31 01:33 - 2015-01-27 04:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ulli\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
========================= Accounts: ==========================
Administrator (S-1-5-21-3911576866-2457419995-2319590870-500 - Administrator - Disabled)
Gast (S-1-5-21-3911576866-2457419995-2319590870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3911576866-2457419995-2319590870-1004 - Limited - Enabled)
Ulli (S-1-5-21-3911576866-2457419995-2319590870-1002 - Administrator - Enabled) => C:\Users\Ulli
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2015 04:21:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/03/2015 09:39:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDION_AKOYA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/02/2015 05:10:36 PM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel
Error: (02/02/2015 05:03:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Power2Go8.exe, Version: 8.0.0.3202, Zeitstempel: 0x51fbbccc
Name des fehlerhaften Moduls: Power2Go8.exe, Version: 8.0.0.3202, Zeitstempel: 0x51fbbccc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001eb4d
ID des fehlerhaften Prozesses: 0x1d68
Startzeit der fehlerhaften Anwendung: 0xPower2Go8.exe0
Pfad der fehlerhaften Anwendung: Power2Go8.exe1
Pfad des fehlerhaften Moduls: Power2Go8.exe2
Berichtskennung: Power2Go8.exe3
Vollständiger Name des fehlerhaften Pakets: Power2Go8.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Power2Go8.exe5
Error: (02/02/2015 05:14:03 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/02/2015 05:11:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/01/2015 02:33:41 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (01/30/2015 10:30:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel
Error: (01/30/2015 09:47:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel
Error: (01/30/2015 09:43:42 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel
System errors:
=============
Error: (02/04/2015 03:09:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SPEEDPORT.IP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{48DB9C58-752C-400A-845E-0F672BF8456B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/03/2015 03:52:19 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (02/03/2015 03:29:08 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (02/03/2015 02:46:33 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (02/03/2015 08:48:57 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (01/31/2015 11:25:34 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/31/2015 11:25:18 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/31/2015 11:25:12 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/31/2015 11:25:06 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/31/2015 11:24:58 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (02/04/2015 04:21:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2
Error: (02/03/2015 09:39:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDION_AKOYA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142
Error: (02/02/2015 05:10:36 PM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (02/02/2015 05:03:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Power2Go8.exe8.0.0.320251fbbcccPower2Go8.exe8.0.0.320251fbbcccc00000050001eb4d1d6801d03d3f2d711983C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exeC:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe0ae1d54a-aaf5-11e4-82bf-d43d7eb05526
Error: (02/02/2015 05:14:03 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2
Error: (02/02/2015 05:11:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2
Error: (02/01/2015 02:33:41 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2
Error: (01/30/2015 10:30:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/30/2015 09:47:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/30/2015 09:43:42 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12244.35 MB
Available physical RAM: 9097.91 MB
Total Pagefile: 14100.35 MB
Available Pagefile: 10496.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:1801.3 GB) (Free:1463.48 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.04 GB) NTFS
Drive g: () (Removable) (Total:0.99 GB) (Free:0.87 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 1009 MB) (Disk ID: 004FA16F)
Partition 1: (Active) - (Size=1009 MB) - (Type=06)
==================== End Of Log ============================
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 03.02.2015
Scan Time: 14:56:22
Logfile: anti-malware.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.03.05
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ulli
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390720
Time Elapsed: 23 min, 5 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 6
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 9
PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, Quarantined, [a56ca3771d6de94dfe73302d52ae58a8],
PUP.Optional.Conduit.A, C:\Users\Ulli\AppData\Local\Temp\nsj22DD.exe, Quarantined, [41d09f7bb1d938fee07b8c1ca061a858],
PUP.Optional.SkyTech.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\alilog.dll, Quarantined, [ef220812a3e715219fc8976404fd0af6],
PUP.Optional.V9.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\qSE.exe, Quarantined, [50c136e48dfd54e283a9fd4ce020ed13],
PUP.Optional.Skytech.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\UninstallManager.exe, Quarantined, [29e86fabc1c946f0d1fbe6c5a55c0ff1],
PUP.Optional.IePluginService.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\tmp\SupTab_Setup302.exe, Quarantined, [08098694157561d5c61bbdbeb1509967],
PUP.Optional.SmileysWeLove.A, C:\Users\Ulli\AppData\Local\Temp\bhfiles\IEOpenServiceHelper.exe, Quarantined, [36db2af0aae0a5918eb979361ee3b64a],
PUP.Adware.Agent, C:\Users\Ulli\AppData\Local\Temp\PositiveFinds\Setup.exe, Quarantined, [f61bf228eaa0bc7afad0e5217b857e82],
PUP.Optional.PositiveFind.A, C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\9eur0fyz.default\extensions\{29e2f58a-a791-4ede-8083-4f6919d1cb6d}.xpi, Quarantined, [ee23f426acde6ccaf1414839b350f010],
Physical Sectors: 0
(No malicious items detected)
(end)