Log analysis and evaluation: Windows 7: compatibilitycheck.exe appears unprompted and uses PC resources

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.01.2015, 12:01 | #1 |
Windows 7: compatibilitycheck.exe appears unprompted and uses PC resources

Hello everyone. For some time now I have noticed that my laptop is considerably slower than usual. At first I put it down to an internet problem, since I mainly surf. But I have now noticed that in the Task Manager, under Processes, a process named compatibilitycheck.exe appears multiple times, which I do not know and which is not controlled by me as the user. These processes put a heavy load on my PC (usually 2-3 [of up to about 15] are among the processes using the most memory), and even when I restart and do not open any program, my CPU usage is at least 70%, sometimes even higher. As soon as I use another program, it is actually always at 100%. I cannot delete these processes. In addition, I always get pop-ups, even when I do not even have a browser open. I recently restarted the PC and, again without my having anything open, a pop-up appeared, but it disappeared again right away. Also, a voice often suddenly comes on in the background, which turns out to be an excerpt from various interviews, reports, etc., runs for 2-10 seconds and disappears again. This too happens without a browser, but of course also with one. The PC is hardly usable like this, since it is overwhelmed by almost everything. I followed the steps as they were described in the instructions, but I have no experience with forums and with posting correctly, so I hope that posting the logs works as intended.

Here are the logs:

Defogger disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:49 on 21/01/2015 (***** *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by ***** ***** (administrator) on DAVID on 21-01-2015 10:52:39
Running from C:\Users\***** *****\Desktop
Loaded Profiles: ***** ***** (Available profiles: ***** *****)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) 
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Spotify Ltd) C:\Users\***** *****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-13] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe" HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [Spotify Web Helper] => C:\Users\***** *****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd) HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\***** *****\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {7b16325e-30b4-11e1-9eb1-00265eb087d7} - F:\Autorun.exe HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8052ec9d-f8b4-11df-8b29-00265eb087d7} - F:\LaunchU3.exe -a HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8d6e4b71-f4d4-11df-9935-806e6f6e6963} - E:\AutoRun.exe Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rts.dsrlte.com?affID=na HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKLM -> DefaultScope {772CA233-EF58-4C12-BD53-408EFC32E247} URL = SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> DefaultScope {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312329&CUI=UN39588198854758620&UM=2 SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312329&CUI=UN39588198854758620&UM=2 SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {241EC647-646E-4DDF-9263-2F5111F019F6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {34AEBC21-74EA-4AF2-9473-630C7A0F5BB7} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {772CA233-EF58-4C12-BD53-408EFC32E247} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll (Microsoft Corp.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{58A12B80-1895-4C95-9F28-3D8660E0C185}: [NameServer] 223.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default FF Homepage: hxxp://www.google.de/ FF Keyword.URL: FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,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" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\***** *****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: electronicarts.com/GameFacePlugin -> C:\Users\***** *****\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF SearchPlugin: C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\searchplugins\dsrlte.xml FF Extension: Avira Browser Safety - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20] FF Extension: Adblock Plus Pop-up Addon - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-09] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-09] FF Extension: MEGA - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\firefox@mega.co.nz.xpi [2014-12-23] FF Extension: ProxTube - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\info@convert2mp3.net.xpi [2014-06-22] FF Extension: NoScript - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-09] FF Extension: Flash Block - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-12-09] FF Extension: Adblock Plus - C:\Users\***** 
*****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-22] FF Extension: Adblock Edge - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-09] FF HKLM\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com FF Extension: SeeSimilar - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-19] FF HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\***** *****\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\***** *****\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\***** *****\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 CouponarificService; C:\Program Files\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv.exe [161280 2014-11-19] () [File not signed] R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-05-16] (Microsoft Corporation) [File not signed] R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 OO SSD Migration Kit; "C:\Program Files\OO Software\SSD Migration Kit\oosmkag.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. 
KG) R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH) S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-08-12] (SAMSUNG ELECTRONICS CO., LTD.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKsl70a16154; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58CD8086-3C8A-4E54-8294-DFE630690E61}\MpKsl70a16154.sys [39464 2015-01-21] (Microsoft Corporation) R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [36048 2014-11-19] (NetFilterSDK.com) R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH) R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation) R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys [52928 2014-05-06] (StdLib) R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w.sys [52928 2014-04-29] (StdLib) S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [X] S1 netfilter2; system32\drivers\netfilter2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-21 10:52 - 2015-01-21 10:53 - 00019168 _____ () C:\Users\***** *****\Desktop\FRST.txt 2015-01-21 10:52 - 2015-01-21 10:53 - 00000000 ____D () C:\FRST 2015-01-21 10:51 - 2015-01-21 10:51 - 01118208 _____ (Farbar) C:\Users\***** *****\Desktop\FRST.exe 2015-01-21 10:49 - 2015-01-21 10:49 - 00000484 _____ () C:\Users\***** *****\Desktop\defogger_disable.log 2015-01-21 10:49 - 2015-01-21 10:49 - 00000000 _____ () C:\Users\***** *****\defogger_reenable 2015-01-21 10:47 - 2015-01-21 10:47 - 00050477 _____ () C:\Users\***** *****\Desktop\Defogger.exe 2015-01-21 10:23 - 2015-01-21 10:23 - 00000000 ____D () C:\Users\***** *****\AppData\Local\AviraSpeedup 2015-01-21 10:22 - 2015-01-21 10:22 - 00000056 _____ () C:\Windows\setupact.log 2015-01-21 10:22 - 2015-01-21 10:22 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-20 17:43 - 2015-01-20 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup 2015-01-20 17:35 - 2015-01-20 17:33 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-01-20 17:32 - 2015-01-20 17:32 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Avira 2015-01-20 17:31 - 2015-01-20 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-20 17:30 - 2015-01-20 17:43 - 00000000 ____D () C:\Program Files\Avira 2015-01-20 17:30 - 2015-01-20 17:32 - 00000000 ____D () C:\ProgramData\Avira 2015-01-20 17:30 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-01-20 17:30 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-01-20 17:30 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-01-20 17:30 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-01-17 12:12 - 2015-01-17 12:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-14 12:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 12:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 10:41 - 2015-01-21 10:54 - 00000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat 2015-01-11 17:59 - 2015-01-11 17:59 - 00000641 _____ () C:\Users\***** *****\Desktop\Bilder.lnk 2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-08 13:32 - 2015-01-20 17:40 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-08 13:30 - 2015-01-21 10:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-08 13:30 - 2015-01-21 10:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2014-12-25 15:49 - 2014-12-25 15:49 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\EurekaLab s.a.s 2014-12-23 21:17 - 2014-12-23 21:17 - 00000320 _____ () C:\Users\***** *****\Desktop\Magic The Gathering Online .appref-ms 2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast 2014-12-23 21:17 - 
2014-12-23 21:17 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Wizards of the Coast 2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\ProgramData\Gibraltar 2014-12-23 21:14 - 2014-12-30 22:43 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Deployment ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 10:54 - 2014-05-21 13:54 - 00001332 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7.job 2015-01-21 10:49 - 2010-11-20 19:58 - 00000000 ____D () C:\Users\***** ***** 2015-01-21 10:30 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 10:30 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 10:28 - 2013-11-04 19:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-21 10:26 - 2010-11-20 19:55 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 10:26 - 2010-11-20 19:36 - 01772187 _____ () C:\Windows\WindowsUpdate.log 2015-01-21 10:23 - 2014-02-08 20:30 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\newnext.me 2015-01-21 10:23 - 2012-07-07 22:42 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Dropbox 2015-01-21 10:22 - 2014-05-21 13:54 - 00002220 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.job 2015-01-21 10:22 - 2014-05-21 13:54 - 00001484 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.job 2015-01-21 10:22 - 2014-05-21 13:54 - 00001392 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1.job 2015-01-21 10:22 - 2014-05-21 13:54 - 00001378 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.job 2015-01-21 10:22 - 2014-05-21 13:53 - 00003454 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.job 2015-01-21 
10:22 - 2014-05-21 13:53 - 00001400 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6.job 2015-01-21 10:22 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 10:22 - 2009-07-14 05:33 - 00496744 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-20 22:05 - 2014-05-21 13:50 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Security System 2 2015-01-20 19:04 - 2011-01-01 20:36 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\vlc 2015-01-20 17:52 - 2010-11-20 20:57 - 00155032 _____ () C:\Users\***** *****\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 17:44 - 2014-12-01 23:09 - 00000000 ____D () C:\Program Files\Couponarific 2015-01-20 17:38 - 2014-05-21 13:50 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\BupSystem 2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\WD 2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Program Files\Common Files\Memeo 2015-01-19 22:16 - 2011-07-31 12:54 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-01-19 21:30 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Spotify 2015-01-19 19:25 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Spotify 2015-01-17 16:27 - 2014-06-22 13:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-15 14:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-15 12:28 - 2012-03-30 13:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-15 12:28 - 2011-05-20 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-14 13:14 - 2013-08-15 15:42 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 13:10 - 2010-11-20 21:57 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 18:25 - 2010-12-11 19:19 - 00000000 ____D () C:\Program Files\Magic 
Workstation 2015-01-12 18:24 - 2010-11-20 21:27 - 00000000 ____D () C:\Program Files\CyberLink 2015-01-12 18:24 - 2010-11-20 20:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-12 18:18 - 2010-11-20 21:26 - 00000000 ____D () C:\ProgramData\CyberLink 2015-01-12 18:10 - 2010-12-03 22:03 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\CyberLink 2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Google 2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Program Files\Google 2015-01-09 10:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-31 12:13 - 2010-11-20 20:24 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-25 14:42 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-23 21:14 - 2011-01-27 20:43 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Apps\2.0 ==================== Files in the root of some directories ======= 2011-08-31 16:21 - 2011-09-04 19:09 - 0000000 ____H () C:\Users\***** *****\AppData\Roaming\windrvconfig.txt 2011-11-19 20:02 - 2011-11-26 16:50 - 0010240 _____ () C:\Users\***** *****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-21 14:01 - 2014-05-21 14:01 - 0301496 _____ (VuuPC Limited) C:\Users\***** *****\AppData\Local\nsr324A.tmp 2011-07-21 23:24 - 2011-07-21 23:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-08-26 21:06 - 2011-08-27 13:32 - 0007246 _____ () C:\ProgramData\hpzinstall.log 2015-01-13 10:41 - 2015-01-21 10:54 - 0000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat Files to move or delete: ==================== C:\ProgramData\Y4Ki2D2g0.dat C:\Users\***** *****\MTGOinstall.exe Some content of TEMP: ==================== C:\Users\***** *****\AppData\Local\Temp\avgnt.exe C:\Users\***** *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgeqzy.dll C:\Users\***** *****\AppData\Local\Temp\ose00000.exe 
C:\Users\***** *****\AppData\Local\Temp\_isC6DA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-16 21:02

==================== End Of Log ============================

And the FRST Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by ***** ***** at 2015-01-21 10:54:49
Running from C:\Users\***** *****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Avira System Speedup 1.5 (HKLM\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung) Free Video to iPhone Converter version 3.2.12 (HKLM\...\Free Video to iPhone Converter_is1) (Version: - DVDVideoSoft Limited.) Free YouTube Download version 3.1.37.918 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.) iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) 
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Magic The Gathering Online (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\35c9d60442fbb010) (Version: 3.4.83.467 - Wizards of the Coast) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) MobileMe 
Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5791 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden Spotify (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\***** *****\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 15-01-2015 15:34:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 18-01-2015 13:12:32 Windows Update 20-01-2015 17:43:26 Avira System Speedup 1.5 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2014-05-21 13:44 - 00004422 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 capitalimonline.com 127.0.0.1 www.verifi-infonet.com 127.0.0.1 www.forsil-srl.com 127.0.0.1 trustedppiclaims.co.uk 127.0.0.1 ftp.signara.org 127.0.0.1 buy-fifa-ultimateteam-coins.com 127.0.0.1 pay.pal-schutz.com 127.0.0.1 swqk3xftx38.h149.pp39dk.com 127.0.0.1 robertoleal.es 127.0.0.1 verifi-infonet.com 127.0.0.1 ssl.paypal.secure.your.billing.information.mytrickworld.com 127.0.0.1 lastminute-ibiza.net 127.0.0.1 myaccount.aol.com.onlineaccounts.upgrade.online.billing.account.update.alcaldiadearaure.gob.ve 127.0.0.1 www.rhnp.org 127.0.0.1 173.214.178.24 127.0.0.1 bit.ly 127.0.0.1 www.axisengneering.com 127.0.0.1 www.positive-eft.com 127.0.0.1 hw0vrcfmu0fpd.com 127.0.0.1 www.art3c.com.tw 127.0.0.1 www.kielkoppfest.harzwinter.net 127.0.0.1 www.battle.net-account.asxp.cn.com 127.0.0.1 mgstrategiesstudio.com 127.0.0.1 www.paypal.com.p2jdb5zb17llxg1i.0243cn71m8gjun1.com 127.0.0.1 paypal.com.update.account.toughbook.cl 127.0.0.1 www.lappen-123.no 127.0.0.1 www.paypal-update.visitasgratis.info 127.0.0.1 stromarket.ru 127.0.0.1 www.ocevap.com There are 63 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {019E612F-B8F3-415B-8EAD-4AC47C01275C} - System32\Tasks\{E00C48C4-87C3-49CA-B00D-268CB9C644A1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Datel\Action Replay Code Manager\ActionReplayCodeManager.exe" Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION Task: {1328961F-FE69-4320-8EF1-1269ED486E7E} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe <==== ATTENTION Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION Task: {1CC0017D-A4BA-4373-BC62-1C80719E4D4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION Task: {53CECBCA-C046-4232-8759-2BAA40B79C4B} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.exe <==== ATTENTION Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION Task: 
{5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION Task: {6B115181-745C-4D10-A3DB-F3D04CB0490A} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.exe <==== ATTENTION Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION Task: {8B268604-D0B2-477C-BE61-BA0AEB68A949} - System32\Tasks\{26F5BD3E-F422-4FAA-9FD1-D56CAAF3AD57} => pcalua.exe -a "C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe" Task: {8F8B76FF-C32A-489C-8559-E479D0EDAE09} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.exe <==== ATTENTION Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION Task: {A03FF811-E18E-48D3-8B7E-A45553F7B140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated) Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\***** *****\Desktop\setup.exe" -d "C:\Users\***** *****\Desktop" Task: {A8243FDB-E6E0-4DA9-A7D4-F2704FF53571} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe <==== ATTENTION Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - 
\e8bd60 No Task File <==== ATTENTION Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION Task: {C90047E2-DAF4-4EF1-8628-13D8DBD4DCCA} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG) Task: {CA5E6FDD-DEE3-472B-A779-DC221523F209} - System32\Tasks\{A36728D1-C91B-49A3-8728-BABA5743CED5} => pcalua.exe -a "D:\Sonstiges\European Code Manager PC software\Setup.exe" -d "D:\Sonstiges\European Code Manager PC software" Task: {D3F11C58-6191-4441-B9CD-A3DD00302089} - System32\Tasks\{44221F18-D3DE-4777-9286-F3A22E0BBC24} => C:\Program Files\Skype\\Phone\Skype.exe Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION Task: {EA27474F-86DD-43D8-A893-780467D1161C} - System32\Tasks\{2BF3C3A4-A032-46D5-8E6C-20C23974797E} => c:\program files\opera\opera.exe [2014-04-27] (Opera Software) Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION Task: {EF961023-A4AB-4ACC-BC3D-B1DB17149720} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-05-15] (Samsung Electronics Co., Ltd.) 
Task: {F41A82C7-C7BF-44D8-A7D7-8345F924F450} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe <==== ATTENTION Task: {F514247D-FC72-4E10-99A0-DBBE91B7BE72} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2008-12-03] () Task: {FDCB7367-5FAC-4BB6-98CF-D8136710CCA7} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-08-19 21:09 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 
2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-08 13:30 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2010-11-21 02:20 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2010-11-21 02:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-21 10:23 - 2015-01-21 10:23 - 00043008 _____ () c:\Users\***** *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgeqzy.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-08 13:30 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-08 13:31 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility 
Verifier\NPSWF32_15_0_0_189.dll 2015-01-17 12:12 - 2015-01-17 12:13 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2015-01-15 12:28 - 2015-01-15 12:28 - 16844464 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2508884068-3804397540-1067786986-500 - Administrator - Disabled) ***** ***** (S-1-5-21-2508884068-3804397540-1067786986-1000 - Administrator - Enabled) => C:\Users\***** ***** Gast (S-1-5-21-2508884068-3804397540-1067786986-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2508884068-3804397540-1067786986-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/20/2015 03:49:05 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei 
System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/20/2015 02:24:07 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, 
Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/20/2015 08:51:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Ausnahmecode: 0x80000003 Fehleroffset: 0x0022ecf0 ID des fehlerhaften Prozesses: 0xfbc Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/20/2015 08:51:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 
0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/20/2015 08:18:02 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData 
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 11:33:28 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder 
binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 11:25:14 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 11:24:36 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, 
Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 09:32:40 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 05:45:50 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" System errors: ============= Error: (01/21/2015 10:23:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: netfilter2 Error: (01/21/2015 10:22:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "OO SSD Migration Kit" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/21/2015 10:22:38 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (01/21/2015 10:22:38 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (01/20/2015 06:24:40 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (01/20/2015 06:07:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error: (01/20/2015 06:07:39 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error: (01/20/2015 05:39:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: netfilter2 Error: (01/20/2015 05:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "OO SSD Migration Kit" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/20/2015 05:39:35 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-01-20 18:10:24.050 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-14 12:05:07.496 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 21:48:54.378 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 20:44:39.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 20:12:56.550 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-13 20:01:59.492 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 17:27:42.457 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-09 10:11:24.501 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-07 13:47:45.441 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 14:23:55.627 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 85%
Total physical RAM: 3036.61 MB
Available physical RAM: 451.7 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 2482.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.09 GB) (Free:46.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:96.38 GB) (Free:10.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 91AC48D6)
Partition 1: (Active) - (Size=142.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-21 11:13:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SanDisk_ rev.X231 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\DAVIDE~1\AppData\Local\Temp\pxldapod.sys

---- System - GMER 2.1 ----

SSDT 8EBEEAE6 ZwCreateSection
SSDT 8EBEEAF0 ZwRequestWaitReplyPort
SSDT 8EBEEAEB ZwSetContextThread
SSDT 8EBEEAF5 ZwSetSecurityObject
SSDT 8EBEEAFA ZwSystemDebugControl
SSDT 8EBEEA87 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9 83075A15 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83095662 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8309CC04 4 Bytes JMP B5DB8EBE
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 8309CFA4 4 Bytes [EB, EA, BE, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 8309D020 4 Bytes JMP A57B8EBE
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 8309D074 4 Bytes [FA, EA, BE, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 8309D07C 4 Bytes [87, EA, BE, 8E]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x99810000, 0x2D5378, 0xE8000020]

---- Devices - GMER 2.1 ----

Device \Driver\DFInjDrv \Device\DFInjDrv DFInjDrv32.sys
Device \Driver\BTHUSB \Device\00000078 bthport.sys
Device \Driver\BTHUSB \Device\0000007a bthport.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb087d7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb087d7@204208300125 0x6C 0x8B 0x35 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb087d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb087d7@204208300125 0x6C 0x8B 0x35 0x0F ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@8EF953EE 2024

---- EOF - GMER 2.1 ----

Regards, David

P.S.: In the logs, wherever my first and last name appeared together, I replaced both with '***** *****'. |
21.01.2015, 12:02 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, please post them directly, spread across several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ |
21.01.2015, 12:16 | #3 |
| Hello, and thanks for the quick reply.

No, unfortunately I have no other logs, since I only have Avira installed and tried, following your instructions, to export the logs with it, but somehow that did not happen. |
21.01.2015, 12:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then check whether Avira found anything and, if so, note down those lines and post them here
__________________ Please always post log files in CODE tags |
21.01.2015, 12:45 | #5 |
| My problem is that in Avira I can find the section with the 'detections', but I don't know exactly what happens when I click export, or how I get that over here so that I can show it to you. I can copy the individual detections in here, but I don't know whether that is what you need. Code:
ATTFilter In der Datei 'C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\wkscli.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.118120' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Code:
ATTFilter In der Datei 'C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\wkscli.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.118120' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Code:
ATTFilter Die Datei 'C:\Users\David Engel\AppData\Roaming\Security System 2\uninstaller.exe' enthielt einen Virus oder unerwünschtes Programm 'Adware/AgentCV.A.9121' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51986267.qua' verschoben! Code:
ATTFilter Die Datei 'C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BE3E4190-72AB-EA8B-E208-F8475DD24312}-7024639.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492b4dec.qua' verschoben! Code:
ATTFilter Die Datei 'C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BE3E4190-72AB-EA8B-E208-F8475DD24312}-7024639.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492b4dec.qua' verschoben! Code:
ATTFilter Die Datei 'C:\Users\David Engel\AppData\Roaming\BupSystem\bup.exe' enthielt einen Virus oder unerwünschtes Programm 'Adware/AgentCV.A.3743' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b2d5ec1.qua' verschoben! |
21.01.2015, 13:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then uninstall Avira now. You already have MSE installed, and you should never run two virus scanners in parallel. Let me know once it's off.
__________________ |
21.01.2015, 13:10 | #7 |
| Avira is uninstalled. |
21.01.2015, 13:25 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now MBAR: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
21.01.2015, 18:16 | #9 |
| Done. During the first scan the PC froze. After the restart, though, both the scan and the cleanup ran without problems. I then ran another scan and am posting both logs. 1.: Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version: main: v2015.01.21.07 rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
David Engel :: DAVID [administrator]

21.01.2015 17:27:10
mbar-log-2015-01-21 (17-27-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 311736
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\SOFTWARE\Cerberus (Backdoor.Trace) -> Delete on reboot. [44c7e5152f5a52e430741811e02423dd]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\David Engel\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Delete on reboot. [f8137783ef9aaa8c73095edd659ebc44]

Files Detected: 5
C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [06a6ee2ce32f5a6805489ef56f0e96c3]
C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [cc8ff7d676ce6d84af98bd099cabc971]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1 173.214.178.24) Good: () -> Replace on reboot. [ac5f47b3672277bf150f35a418ed768a]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1 192.185.97.25) Good: () -> Replace on reboot. [df2c48b2e6a391a5ea3b4d8c37ce7f81]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1 82.98.147.80) Good: () -> Replace on reboot. [709b46b475143303be68ac2da0659e62]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version: main: v2015.01.21.07 rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
David Engel :: DAVID [administrator]

21.01.2015 18:03:46
mbar-log-2015-01-21 (18-03-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 311778
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
21.01.2015, 19:44 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop!)

1st step: adwCleaner
Please download AdwCleaner to your desktop.

2nd step: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.

3rd step: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
21.01.2015, 20:23 | #11 |
| adwcleaner: Code:
ATTFilter # AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 19:52:13 # Aktualisiert 17/01/2015 von Xplode # Database : 2015-01-18.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : David Engel - DAVID # Gestartet von : C:\Users\David Engel\Desktop\AdwCleaner_4.108.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : netfilter [#] Dienst Gelöscht : {9d5747ee-0448-4681-8337-1555de75a3b6}Gw [#] Dienst Gelöscht : {9d5747ee-0448-4681-8337-1555de75a3b6}w ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Conduit Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\globalUpdate Ordner Gelöscht : C:\Program Files\IminentToolbar Ordner Gelöscht : C:\Program Files\SupraSavings Ordner Gelöscht : C:\Program Files\CouponArific Ordner Gelöscht : C:\Users\David Engel\AppData\Local\Conduit Ordner Gelöscht : C:\Users\David Engel\AppData\Local\genienext Ordner Gelöscht : C:\Users\David Engel\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\David Engel\AppData\Local\lollipop Ordner Gelöscht : C:\Users\David Engel\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\David Engel\AppData\Local\NativeMessaging Ordner Gelöscht : C:\Users\David Engel\AppData\Local\TBHostSupport Ordner Gelöscht : C:\Users\David Engel\AppData\Local\Webinternetsecurity Ordner Gelöscht : C:\Users\David Engel\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\David Engel\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\BupSystem Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\IminentToolbar Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\newnext.me Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\SearchProtect Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\Security System 2 Ordner Gelöscht : C:\Users\David 
Engel\AppData\Roaming\SeeSimilar Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\David Engel\Documents\Mobogenie Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys Datei Gelöscht : C:\Users\David Engel\daemonprocess.txt Datei Gelöscht : C:\Users\David Engel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Datei Gelöscht : C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\foxydeal.sqlite Datei Gelöscht : C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\searchplugins\dsrlte.xml ***** [ Tasks ] ***** Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-1 Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-2 Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-3 Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-4 Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-5 Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-6 Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-7 ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com] Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive] Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3312329 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{772CA233-EF58-4C12-BD53-408EFC32E247} Schlüssel Gelöscht : HKCU\Software\ClickConnect Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\powerpack Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak 
Schlüssel Gelöscht : HKCU\Software\AppDataLow\sizlsearch Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Supra Savings Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\LevelQualityWatcher Schlüssel Gelöscht : HKLM\SOFTWARE\Supra Savings Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\couponarific Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ams1.ib.adnxs.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\de.yhs4.search.yahoo.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dsrlte.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fra1.ib.adnxs.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rts.dsrlte.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.conduit.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovigo.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovigo.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet 
Explorer\Main [Start Page] -\\ Mozilla Firefox v35.0 (x86 de) [gf77mrzk.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "146dd855a775bb5a8ed29b2549d1eba8"); ************************* AdwCleaner[R0].txt - [10610 octets] - [21/01/2015 19:50:19] AdwCleaner[S0].txt - [10359 octets] - [21/01/2015 19:52:13] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10420 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x86 Ran by David Engel on 21.01.2015 at 20:00:12,88 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] netfilter Successfully deleted: [Service] netfilter ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{0AB4AAFB-F576-4D16-ACC6-571BD39AEEC4} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{1094E40E-BF2A-4BF9-AAE3-F5414638231F} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{140381EA-1C9E-4CBC-89C0-E936BDBEE208} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{14B336DC-7F90-4404-8242-759A8F5AFB2D} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{291DA5B7-92EC-4687-B502-A2C170E151C8} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{38F95AD1-4D77-4B9A-A03F-F9B945EA342A} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{540AD25D-93EF-47D9-A4B8-E38B126E240B} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{591FDDDA-3B4D-40DA-8486-8971532DAAB7} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{63F5C932-CE02-4120-BA0A-D1F7A03E8B63} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{846736A7-F795-4628-9C97-CBFDF4552FFE} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{CA807143-0586-46D7-A783-F6CDB90C32F1} Successfully deleted: [Empty Folder] 
C:\Users\David Engel\appdata\local\{CEC67E50-BAF0-48FA-BD86-0323E8D94E4D} Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{F8AEFE3A-7B04-4480-B866-0913D126C3C9} ~~~ FireFox Emptied folder: C:\Users\David Engel\AppData\Roaming\mozilla\firefox\profiles\gf77mrzk.default\minidumps [77 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.01.2015 at 20:16:07,07 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015 Ran by David Engel (administrator) on DAVID on 21-01-2015 20:17:38 Running from C:\Users\David Engel\Desktop Loaded Profiles: David Engel (Available profiles: David Engel) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe (Microsoft Corporation) C:\Windows\System32\vds.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Spotify Ltd) C:\Users\David Engel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\David Engel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-13] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe" HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [Spotify Web Helper] => C:\Users\David Engel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd) HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {7b16325e-30b4-11e1-9eb1-00265eb087d7} - F:\Autorun.exe HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8052ec9d-f8b4-11df-8b29-00265eb087d7} - F:\LaunchU3.exe -a HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8d6e4b71-f4d4-11df-9935-806e6f6e6963} - E:\AutoRun.exe Startup: C:\Users\David Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {241EC647-646E-4DDF-9263-2F5111F019F6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {34AEBC21-74EA-4AF2-9473-630C7A0F5BB7} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{58A12B80-1895-4C95-9F28-3D8660E0C185}: [NameServer] 223.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default FF Homepage: hxxp://www.google.de/ FF Keyword.URL: FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,[...]" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David Engel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: electronicarts.com/GameFacePlugin -> C:\Users\David Engel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF Extension: Avira Browser Safety - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20] FF Extension: Adblock Plus Pop-up Addon - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-09] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-09] FF Extension: MEGA - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\firefox@mega.co.nz.xpi [2014-12-23] FF Extension: ProxTube - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\info@convert2mp3.net.xpi [2014-06-22] FF Extension: NoScript - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-09] FF Extension: Flash Block - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-12-09] FF Extension: Adblock Plus - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-22] FF Extension: Adblock Edge - C:\Users\David 
Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-09] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 CouponarificService; C:\Program Files\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv.exe [161280 2014-11-19] () [File not signed] R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-05-16] (Microsoft Corporation) [File not signed] R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] () S3 WinDefend; C:\Program 
Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 OO SSD Migration Kit; "C:\Program Files\OO Software\SSD Migration Kit\oosmkag.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH) S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-08-12] (SAMSUNG ELECTRONICS CO., LTD.) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-01-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKslb5c991d7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{175C28DB-FB44-4E1F-BB75-A33BF1418175}\MpKslb5c991d7.sys [39464 2015-01-21] (Microsoft Corporation) R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH) R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation) S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [X] S1 netfilter2; system32\drivers\netfilter2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-21 20:16 - 2015-01-21 20:16 - 00002620 _____ () C:\Users\David Engel\Desktop\JRT.txt 2015-01-21 20:00 - 2015-01-21 20:00 - 00000000 ____D () C:\Windows\ERUNT 2015-01-21 19:59 - 2015-01-21 19:59 - 01707939 _____ (Thisisu) C:\Users\David Engel\Desktop\JRT.exe 2015-01-21 19:54 - 2015-01-21 19:54 - 00000000 ____D () C:\Program Files\Couponarific 2015-01-21 19:50 - 2015-01-21 19:52 - 00000000 ____D () C:\AdwCleaner 2015-01-21 19:49 - 2015-01-21 19:49 - 02186752 _____ () C:\Users\David Engel\Desktop\AdwCleaner_4.108.exe 2015-01-21 16:53 - 2015-01-21 18:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-21 16:53 - 2015-01-21 18:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-21 16:52 - 2015-01-21 16:52 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-21 16:51 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\David Engel\Desktop\mbar 2015-01-21 16:47 - 2015-01-21 19:53 - 00001316 _____ () C:\Windows\PFRO.log 2015-01-21 13:29 - 2015-01-21 13:29 - 16466552 _____ (Malwarebytes Corp.) 
C:\Users\David Engel\Desktop\mbar-1.08.3.1004.exe 2015-01-21 12:00 - 2015-01-21 12:00 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} 2015-01-21 11:13 - 2015-01-21 11:13 - 00004734 _____ () C:\Users\David Engel\Desktop\Gmer.log 2015-01-21 11:00 - 2015-01-21 11:00 - 00380416 _____ () C:\Users\David Engel\Desktop\Gmer-19357.exe 2015-01-21 10:54 - 2015-01-21 11:23 - 00049935 _____ () C:\Users\David Engel\Desktop\Addition.txt 2015-01-21 10:52 - 2015-01-21 20:17 - 00015423 _____ () C:\Users\David Engel\Desktop\FRST.txt 2015-01-21 10:52 - 2015-01-21 20:17 - 00000000 ____D () C:\FRST 2015-01-21 10:51 - 2015-01-21 10:51 - 01118208 _____ (Farbar) C:\Users\David Engel\Desktop\FRST.exe 2015-01-21 10:49 - 2015-01-21 11:21 - 00000486 _____ () C:\Users\David Engel\Desktop\defogger_disable.log 2015-01-21 10:49 - 2015-01-21 10:49 - 00000000 _____ () C:\Users\David Engel\defogger_reenable 2015-01-21 10:47 - 2015-01-21 10:47 - 00050477 _____ () C:\Users\David Engel\Desktop\Defogger.exe 2015-01-21 10:22 - 2015-01-21 19:53 - 00000392 _____ () C:\Windows\setupact.log 2015-01-21 10:22 - 2015-01-21 10:22 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-20 17:30 - 2015-01-21 16:47 - 00000000 ____D () C:\Program Files\Avira 2015-01-17 12:12 - 2015-01-17 12:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-14 12:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 12:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 
2015-01-13 10:41 - 2015-01-21 20:01 - 00000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat 2015-01-11 17:59 - 2015-01-11 17:59 - 00000641 _____ () C:\Users\David Engel\Desktop\Bilder.lnk 2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-08 13:32 - 2015-01-21 13:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-08 13:30 - 2015-01-21 19:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-08 13:30 - 2015-01-21 19:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2014-12-25 15:49 - 2014-12-25 15:49 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\EurekaLab s.a.s 2014-12-23 21:17 - 2014-12-23 21:17 - 00000320 _____ () C:\Users\David Engel\Desktop\Magic The Gathering Online .appref-ms 2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast 2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Wizards of the Coast 2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\ProgramData\Gibraltar 2014-12-23 21:14 - 2014-12-30 22:43 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Deployment ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-21 20:02 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 20:02 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 20:00 - 2012-07-07 22:42 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Dropbox 2015-01-21 19:58 - 2010-11-20 19:55 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 19:58 - 2010-11-20 19:36 - 01906315 _____ () C:\Windows\WindowsUpdate.log 2015-01-21 19:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 19:52 - 2010-11-20 19:58 - 00000000 ____D () C:\Users\David Engel 2015-01-21 19:49 - 2011-01-01 20:36 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\vlc 2015-01-21 19:28 - 2013-11-04 19:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-21 17:47 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\addins 2015-01-21 12:33 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Spotify 2015-01-21 10:22 - 2009-07-14 05:33 - 00496744 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-20 17:52 - 2010-11-20 20:57 - 00155032 _____ () C:\Users\David Engel\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\WD 2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Program Files\Common Files\Memeo 2015-01-19 22:16 - 2011-07-31 12:54 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-01-19 19:25 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Spotify 2015-01-17 16:27 - 2014-06-22 13:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-15 14:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-15 12:28 - 2012-03-30 13:30 - 00701616 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-15 12:28 - 2011-05-20 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-14 13:14 - 2013-08-15 15:42 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 13:10 - 2010-11-20 21:57 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 18:25 - 2010-12-11 19:19 - 00000000 ____D () C:\Program Files\Magic Workstation 2015-01-12 18:24 - 2010-11-20 21:27 - 00000000 ____D () C:\Program Files\CyberLink 2015-01-12 18:24 - 2010-11-20 20:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-12 18:18 - 2010-11-20 21:26 - 00000000 ____D () C:\ProgramData\CyberLink 2015-01-12 18:10 - 2010-12-03 22:03 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\CyberLink 2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Google 2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Program Files\Google 2015-01-09 10:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-31 12:13 - 2010-11-20 20:24 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-25 14:42 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-23 21:14 - 2011-01-27 20:43 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Apps\2.0 ==================== Files in the root of some directories ======= 2011-08-31 16:21 - 2011-09-04 19:09 - 0000000 ____H () C:\Users\David Engel\AppData\Roaming\windrvconfig.txt 2011-11-19 20:02 - 2011-11-26 16:50 - 0010240 _____ () C:\Users\David Engel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-21 14:01 - 2014-05-21 14:01 - 0301496 _____ (VuuPC Limited) C:\Users\David Engel\AppData\Local\nsr324A.tmp 2011-07-21 23:24 - 2011-07-21 23:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-08-26 21:06 - 2011-08-27 13:32 - 0007246 _____ () C:\ProgramData\hpzinstall.log 2015-01-13 10:41 - 
2015-01-21 20:01 - 0000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat Files to move or delete: ==================== C:\ProgramData\Y4Ki2D2g0.dat C:\Users\David Engel\MTGOinstall.exe Some content of TEMP: ==================== C:\Users\David Engel\AppData\Local\Temp\avgnt.exe C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll C:\Users\David Engel\AppData\Local\Temp\ose00000.exe C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-16 21:02 ==================== End Of Log ============================ |
21.01.2015, 20:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe appears unprompted and uses PC performance Please also create a new Addition.txt: start FRST, tick the Addition.txt box, then click Scan.
__________________ Please always post log files in CODE tags |
21.01.2015, 20:30 | #13 |
| Windows 7: compatibilitycheck.exe appears unprompted and uses PC performance Here is the addition as well: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015 Ran by David Engel at 2015-01-21 20:28:33 Running from C:\Users\David Engel\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung) Free Video to iPhone Converter version 3.2.12 (HKLM\...\Free Video to iPhone Converter_is1) (Version: - DVDVideoSoft Limited.) Free YouTube Download version 3.1.37.918 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.) iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) 
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Magic The Gathering Online (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\35c9d60442fbb010) (Version: 3.4.83.467 - Wizards of the Coast) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) MobileMe 
Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5791 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden Spotify (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\David Engel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-01-2015 13:12:32 Windows Update 20-01-2015 17:43:26 Avira System Speedup 1.5 21-01-2015 17:45:37 Malwarebytes Anti-Rootkit Restore Point 21-01-2015 18:22:54 Windows Update ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {019E612F-B8F3-415B-8EAD-4AC47C01275C} - System32\Tasks\{E00C48C4-87C3-49CA-B00D-268CB9C644A1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Datel\Action Replay Code Manager\ActionReplayCodeManager.exe" Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION Task: {1CC0017D-A4BA-4373-BC62-1C80719E4D4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File 
<==== ATTENTION Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION Task: {8B268604-D0B2-477C-BE61-BA0AEB68A949} - System32\Tasks\{26F5BD3E-F422-4FAA-9FD1-D56CAAF3AD57} => pcalua.exe -a "C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe" Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION Task: {A03FF811-E18E-48D3-8B7E-A45553F7B140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated) Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\David Engel\Desktop\setup.exe" -d "C:\Users\David Engel\Desktop" Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION Task: {CA5E6FDD-DEE3-472B-A779-DC221523F209} - System32\Tasks\{A36728D1-C91B-49A3-8728-BABA5743CED5} => pcalua.exe -a "D:\Sonstiges\European Code Manager PC software\Setup.exe" -d "D:\Sonstiges\European Code Manager PC software" Task: {D3F11C58-6191-4441-B9CD-A3DD00302089} - System32\Tasks\{44221F18-D3DE-4777-9286-F3A22E0BBC24} => C:\Program Files\Skype\\Phone\Skype.exe Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - 
System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION Task: {EA27474F-86DD-43D8-A893-780467D1161C} - System32\Tasks\{2BF3C3A4-A032-46D5-8E6C-20C23974797E} => c:\program files\opera\opera.exe [2014-04-27] (Opera Software) Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION Task: {EF961023-A4AB-4ACC-BC3D-B1DB17149720} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-05-15] (Samsung Electronics Co., Ltd.) Task: {F514247D-FC72-4E10-99A0-DBBE91B7BE72} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2008-12-03] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-19 21:09 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-08 13:30 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2010-11-21 02:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-21 19:54 - 2015-01-21 19:54 - 00043008 _____ () c:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-08 13:30 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-08 13:31 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 00985768 _____ () 
C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll 2010-11-21 02:20 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2015-01-17 12:12 - 2015-01-17 12:13 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2508884068-3804397540-1067786986-500 - Administrator - Disabled) David Engel (S-1-5-21-2508884068-3804397540-1067786986-1000 - Administrator - Enabled) => C:\Users\David Engel Gast (S-1-5-21-2508884068-3804397540-1067786986-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2508884068-3804397540-1067786986-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-01-21 17:32:07.272 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-20 18:10:24.050 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-14 12:05:07.496 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 21:48:54.378 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 20:44:39.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 20:12:56.550 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-13 20:01:59.492 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 17:27:42.457 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-09 10:11:24.501 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-07 13:47:45.441 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz Percentage of memory in use: 71% Total physical RAM: 3036.61 MB Available physical RAM: 869.51 MB Total Pagefile: 6069.46 MB Available Pagefile: 3515.63 MB Total Virtual: 2047.88 MB Available Virtual: 1904.51 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:142.09 GB) (Free:47.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:96.38 GB) (Free:10.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 91AC48D6) Partition 1: (Active) - (Size=142.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=96.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
21.01.2015, 20:41 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe appears unprompted and uses up PC performance Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No 
Task File <==== ATTENTION Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\David Engel\Desktop\setup.exe" -d "C:\Users\David Engel\Desktop" Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Extension: Avira Browser Safety - C:\Users\David 
Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] C:\Users\David Engel\AppData\Local\nsr324A.tmp C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} C:\Users\Default\AppData\Roaming\Compatibility Verifier C:\ProgramData\Y4Ki2D2g0.dat C:\Users\David Engel\MTGOinstall.exe C:\Users\David Engel\AppData\Local\Temp\avgnt.exe C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll C:\Users\David Engel\AppData\Local\Temp\ose00000.exe C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe EmptyTemp: Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post logfiles in CODE tags |
21.01.2015, 20:58 | #15 |
| Windows 7: compatibilitycheck.exe appears unprompted and uses up PC performance Unfortunately, FRST hung during the fix and stopped responding. When I ended the process and restarted FRST, it immediately told me the fixlog was ready. I'll post it: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015 Ran by David Engel at 2015-01-21 20:44:52 Run:1 Running from C:\Users\David Engel\Desktop Loaded Profiles: David Engel (Available profiles: David Engel) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION Task: 
{7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\David Engel\Desktop\setup.exe" -d "C:\Users\David Engel\Desktop" Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet 
Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Extension: Avira Browser Safety - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30] CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10] C:\Users\David Engel\AppData\Local\nsr324A.tmp C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} C:\Users\Default\AppData\Roaming\Compatibility Verifier C:\ProgramData\Y4Ki2D2g0.dat C:\Users\David Engel\MTGOinstall.exe C:\Users\David Engel\AppData\Local\Temp\avgnt.exe C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll C:\Users\David Engel\AppData\Local\Temp\ose00000.exe C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe EmptyTemp: Hosts: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10332AD8-1A6D-48A3-8E38-E346CACF7EE3}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10332AD8-1A6D-48A3-8E38-E346CACF7EE3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7842eb70" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11530222-9822-4EAA-BFB9-5925E06C72A3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11530222-9822-4EAA-BFB9-5925E06C72A3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d88be1c" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A01F8A6-86EA-4569-BA32-608D06521C06}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A01F8A6-86EA-4569-BA32-608D06521C06}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ceb89d40" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22C6D372-FC50-4519-B5C5-A2B56F42B3C2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C6D372-FC50-4519-B5C5-A2B56F42B3C2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7a3ef47c" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F4D318B-F369-4C98-B304-F5A8E18C93A2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F4D318B-F369-4C98-B304-F5A8E18C93A2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ace63bf0" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b0e63a68" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34C690D4-20C4-4ABC-8BA0-AF2364492543}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C690D4-20C4-4ABC-8BA0-AF2364492543}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\becf0200" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42F4DE03-5E7C-445A-9867-C04F63F31EE6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42F4DE03-5E7C-445A-9867-C04F63F31EE6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ad3af7c8" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4913859C-17B0-4960-BE76-779215D91849}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4913859C-17B0-4960-BE76-779215D91849}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4c86bc0c" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B6023C5-EDD2-4C66-831F-48FFEE52CACE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B6023C5-EDD2-4C66-831F-48FFEE52CACE}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b1538c78" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FACD718-1A45-4290-A96F-0B663F59C4C4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FACD718-1A45-4290-A96F-0B663F59C4C4}" => Key deleted successfully. C:\Windows\System32\Tasks\45026eb0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\45026eb0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56CDA0D3-78A0-421E-ABB9-418C91501505}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56CDA0D3-78A0-421E-ABB9-418C91501505}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\df070e80" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b6f52770" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\16d25320" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71D6D7F1-71D0-43DB-A988-CF9201EA9BC8}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71D6D7F1-71D0-43DB-A988-CF9201EA9BC8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\575739e8" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72CD3727-88FB-405C-94BB-23E4FE3FE617}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72CD3727-88FB-405C-94BB-23E4FE3FE617}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddd72840" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A4DF1FF-FD15-4061-A24A-F4F6148ADED8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A4DF1FF-FD15-4061-A24A-F4F6148ADED8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a2002928" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AA01F0B-5604-4EF7-B09F-63AEB007B3A2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AA01F0B-5604-4EF7-B09F-63AEB007B3A2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\54da9420" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5}" => Key deleted successfully. C:\Windows\System32\Tasks\f5f36f24 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f5f36f24" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88BAC989-1324-4B59-9C75-54BE7B9646F6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88BAC989-1324-4B59-9C75-54BE7B9646F6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9ea26a9c" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A16775E-A772-4A3D-8F7E-45627DF4CB08}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A16775E-A772-4A3D-8F7E-45627DF4CB08}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c039b47c" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92DA3894-AF54-4C1A-ABC4-E562DE68330D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92DA3894-AF54-4C1A-ABC4-E562DE68330D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da240da0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B}" => Key deleted successfully. C:\Windows\System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{335CA652-06A0-4C90-B11F-106466CCE734}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8bd60" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2FF72F8-2491-489D-9EB0-C60DEAC65581}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FF72F8-2491-489D-9EB0-C60DEAC65581}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da4afbb0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B}" => Key deleted successfully. C:\Windows\System32\Tasks\e8d3af80 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8d3af80" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bdc3698" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D62FF945-FED7-4B79-98E9-7D1E6254F800}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D62FF945-FED7-4B79-98E9-7D1E6254F800}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\889d9f2c" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D942E5D6-9803-4E79-80BD-6A7E5740D353}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D942E5D6-9803-4E79-80BD-6A7E5740D353}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\11015950" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D}" => Key deleted successfully. C:\Windows\System32\Tasks\f409e070 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f409e070" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E14534E0-FB7A-41FA-86E1-CA8FD695F3E7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E14534E0-FB7A-41FA-86E1-CA8FD695F3E7}" => Key deleted successfully. C:\Windows\System32\Tasks\ff3efb40 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ff3efb40" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\13d83880" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8B3455-FBD6-4ACF-A646-6BE89587B4F8}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8B3455-FBD6-4ACF-A646-6BE89587B4F8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\517999a8" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com => Moved successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\pickdmmkcajdddggmoaommkkoafandof" => Key deleted successfully. C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx => Moved successfully. "HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp" => Key deleted successfully. C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx => Moved successfully. "HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\SOFTWARE\Google\Chrome\Extensions\pickdmmkcajdddggmoaommkkoafandof" => Key deleted successfully. 
"C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx" => File/Directory not found. C:\Users\David Engel\AppData\Local\nsr324A.tmp => Moved successfully. C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => Moved successfully. "C:\Users\Default\AppData\Roaming\Compatibility Verifier" directory move: Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak" => Scheduled to move on reboot. Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak" => Scheduled to move on reboot. C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll => Moved successfully. Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log" => Scheduled to move on reboot. C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll => Moved successfully. Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat" => Scheduled to move on reboot. C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe => Moved successfully. Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier" directory. => Scheduled to move on reboot. C:\ProgramData\Y4Ki2D2g0.dat => Moved successfully. C:\Users\David Engel\MTGOinstall.exe => Moved successfully. C:\Users\David Engel\AppData\Local\Temp\avgnt.exe => Moved successfully. 
C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll => Moved successfully. C:\Users\David Engel\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll => Moved successfully. C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe => Moved successfully. Hosts was reset successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-21 20:56:26)<= ==> ATTENTION: System is not rebooted. C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak => Moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log => Is moved successfully. C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat => Moved successfully. "C:\Users\Default\AppData\Roaming\Compatibility Verifier" => Directory could not move. ==== End of Fixlog 20:56:29 ==== |