|
Antiviren-, Firewall- und andere Schutzprogramme: Pande FW blockiert obwohl Programm deinstalliertWindows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
02.02.2015, 09:06 | #1 |
| Pande FW blockiert obwohl Programm deinstalliert Hallo und guten Morgen, habe heute etwas recht komisches erlebt. Vor einigen Monaten wurde Panda installiert. Da es mir und meinem Rechner nur Schwierigkeiten machte, ist es jetzt weg, ....dachte ich zumindest. Beim Installieren von Phrasen Express bekam ich folgenden Hinweis. "Sie verwenden auf Ihrem Rechner Panda Firewall, derartige Programme können...u.s.w. Wie kann das sein? Jetzt würde vieles einen Sinn machen. Wir haben eine AufmaßApp auf dem Tablet, mal hat sie Kontakt zum Hauptrechner, mal nicht. Der Support sucht sich schwindelig nach Fehlern. Schönen Gruß Ute |
02.02.2015, 10:26 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pande FW blockiert obwohl Programm deinstalliert Hi,
__________________Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
02.02.2015, 10:39 | #3 |
| Pande FW blockiert obwohl Programm deinstalliertFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Ute (administrator) on FUGENTECHNIK on 02-02-2015 10:29:40 Running from C:\Users\Ute\Desktop Loaded Profiles: Ute & (Available profiles: Ute & admin & admin2 & Administrator & DefaultAppPool) Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVM Berlin) C:\Program Files (x86)\Common Files\AVM\De_serv.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Windows\jmesoft\Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (blue:solution software GmbH) C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe (UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe (UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Advantage 11.10\Server\ads.exe (UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe (UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr4.x86.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Google Inc.) C:\Windows\Temp\40.0.2214.94_chrome_installer.exeb91e4fe (Google Inc.) C:\Windows\Temp\CR_A0EA8.tmp\setup.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe () C:\Users\Ute\AppData\Local\Temp\is-K2DSP.tmp\PhraseExpressSetup.tmp (Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe () C:\Users\Ute\AppData\Local\Temp\is-2B70N.tmp\PhraseExpressSetup.tmp (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (blue:solution software GmbH) C:\Program Files (x86)\blue solution\Handwerk 5\Handwerk.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC) HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC) HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk ShortcutTarget: ISDNWatch.lnk -> C:\Program Files (x86)\FRITZ!\IWatch.exe (AVM Berlin) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software) Startup: C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing. BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Cisco WebEx-Produktivitätswerkzeuge -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - Cisco WebEx-Produktivitätswerkzeuge - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\..\Interfaces\{AD715C07-FA95-41CD-8547-8CF7B99D600E}: [NameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default FF DefaultSearchEngine: Google FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Users\Ute\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found] FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://spiele.rtl.de/cms/index.html" CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-29] CHR Extension: (Cisco WebEx Extension) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-13] CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29] CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Profile 1 ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Advantage; C:\Program Files (x86)\Advantage 11.10\Server\ADS.EXE [3530752 2012-11-27] (iAnywhere Solutions, Inc.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [206128 2007-10-25] (AVM Berlin) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] () R2 TopDNS; C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe [2779648 2013-01-30] (blue:solution software GmbH) [File not signed] R2 UltiDev Web Server Pro; C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [64512 2012-09-29] (UltiDev LLC) [File not signed] R2 UWS HiPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [48128 2012-09-29] (UltiDev LLC) [File not signed] R2 UWS LoPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [44032 2012-09-29] (UltiDev LLC) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-11-14] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVMCOWAN; C:\Windows\system32\DRIVERS\AVMCOWAN.sys [79872 2010-11-28] (AVM GmbH) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited) S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [62712 2014-03-21] (Cypress Semiconductor) R3 FUS2BASE; C:\Windows\system32\DRIVERS\fus2base.sys [696832 2010-11-28] (AVM Berlin) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation) S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X] S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X] S3 csrpan; \SystemRoot\system32\DRIVERS\csrpan.sys [X] S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X] S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X] S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 10:29 - 2015-02-02 10:32 - 00029661 _____ () C:\Users\Ute\Desktop\FRST.txt 2015-02-02 10:28 - 2015-02-02 10:28 - 02131456 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe 2015-02-02 10:06 - 2015-02-02 10:06 - 00000000 ____D () C:\Users\Ute\Desktop\Programme 2015-02-02 09:30 - 2015-02-02 10:07 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AllDup 2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup 2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\ProgramData\AllDup 2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\Program Files (x86)\AllDup 2015-02-02 09:30 - 2010-10-13 06:42 - 02369456 _____ (Codejock Software) C:\WINDOWS\SysWOW64\Codejock.CommandBars.v13.4.2.ocx 2015-02-02 09:30 - 2010-08-20 21:53 - 00086016 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtSplitter.ocx 2015-02-02 09:30 - 2010-06-11 10:50 - 00089888 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtFrame.ocx 2015-02-02 09:30 - 2010-06-01 14:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\WINDOWS\SysWOW64\TList8.ocx 2015-02-02 09:30 - 2010-03-25 10:33 - 00171752 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtRTF2.ocx 2015-02-02 09:30 - 2009-10-13 00:02 - 00044736 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtSubclass.dll 2015-02-02 09:30 - 2009-10-13 00:01 - 00077504 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtScrollContainer.ocx 2015-02-02 09:30 - 2008-01-29 07:57 - 00450560 _____ (LogicNP Software (hxxp://www.ssware.com)) C:\WINDOWS\SysWOW64\fldrvw90.ocx 2015-02-02 08:37 - 2015-02-02 08:37 - 14129048 _____ (Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe 2015-02-01 18:24 - 2015-02-01 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-30 23:01 - 2015-02-02 09:09 - 00000000 ___RD () C:\Users\Ute\Dropbox 2015-01-29 13:10 - 2015-01-29 13:10 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-01-28 20:57 - 2015-01-28 20:57 - 02194432 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.109.exe 2015-01-25 18:22 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-25 18:22 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-14 08:02 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 08:02 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 08:02 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 08:02 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 08:02 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 08:02 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 08:02 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 08:02 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 08:02 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advantage Database Server 11.10 2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Advantage 11.10 2015-01-09 14:32 - 2015-01-09 14:32 - 00000000 ____D () C:\Program Files\UltiDev 2015-01-09 14:31 - 2015-01-09 14:31 - 00002218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\UltiDev Web App Explorer.lnk 2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltiDev 2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32 2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\Program Files (x86)\GnuWin32 2015-01-09 14:30 - 2015-01-09 14:31 - 00026265 _____ () C:\WINDOWS\unins000.dat 2015-01-09 14:30 - 2015-01-09 14:30 - 01083233 _____ () C:\WINDOWS\unins000.exe 2015-01-09 14:04 - 2015-01-09 14:04 - 03999272 _____ (TeamViewer) C:\Users\Ute\Desktop\bss_support.exe 2015-01-07 16:43 - 2015-01-07 16:43 - 00000020 ___SH () C:\Users\DefaultAppPool.IIS APPPOOL\ntuser.ini 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Vorlagen 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Startmenü 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Netzwerkumgebung 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Lokale Einstellungen 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Eigene Dateien 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Druckumgebung 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Eigene Musik 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Eigene Bilder 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Verlauf 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Anwendungsdaten 2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Anwendungsdaten 2015-01-07 16:43 - 2014-06-30 09:07 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help 2015-01-07 16:43 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-07 16:43 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-07 16:42 - 2015-01-07 16:43 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL 2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-07 16:42 - 2013-12-24 08:47 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Macromedia 2015-01-07 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-04 23:02 - 2015-01-04 23:02 - 00517413 _____ () C:\Users\Ute\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi 2015-01-04 22:47 - 2015-01-04 22:47 - 00321623 _____ () C:\Users\Ute\Downloads\sun_cult-1.3.20120620-fn+sm+fx+tb(1).xpi 2015-01-04 22:42 - 2015-01-04 22:42 - 00321623 _____ () C:\Users\Ute\Downloads\sun_cult-1.3.20120620-fn+sm+fx+tb.xpi 2015-01-04 18:04 - 2015-01-30 07:37 - 00000000 ____D () C:\Users\Ute\Desktop\Telekom Kundencenter_files ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 10:29 - 2014-09-07 17:19 - 00000000 ____D () C:\FRST 2015-02-02 10:26 - 2014-10-29 12:15 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-02 10:11 - 2014-10-10 11:05 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job 2015-02-02 10:09 - 2013-12-18 18:39 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\ClassicShell 2015-02-02 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-02 09:36 - 2014-04-07 08:14 - 01570510 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-02 09:36 - 2013-12-16 20:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278806244-3946690954-89611405-1001 2015-02-02 09:34 - 2014-10-26 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 09:09 - 2013-12-20 13:14 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Dropbox 2015-02-02 08:26 - 2014-10-29 12:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 08:24 - 2014-09-24 16:48 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7191AC2D-2327-4099-A4A5-525ACFAC0F38} 2015-02-01 20:29 - 2014-10-17 10:57 - 00000000 ____D () C:\WINDOWS\uninstall 2015-02-01 19:18 - 2013-12-24 10:15 - 07521792 ___SH () C:\Users\Ute\Desktop\Thumbs.db 2015-02-01 07:54 - 2014-07-05 22:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps 2015-01-31 20:25 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Stundenzettel 2015-01-31 14:38 - 2014-10-29 12:16 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-31 00:00 - 2013-12-18 13:50 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\PhotoScape 2015-01-30 23:28 - 2014-02-01 15:31 - 00027648 ____H () C:\Users\Ute\Desktop\photothumb.db 2015-01-30 23:28 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\BAM 2015-01-30 23:06 - 2013-12-20 13:15 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-30 23:01 - 2013-12-24 08:44 - 00000000 ____D () C:\Users\Ute 2015-01-30 22:02 - 2014-12-23 12:53 - 00000000 ____D () C:\AdwCleaner 2015-01-30 15:42 - 2014-03-25 18:38 - 00000000 ___RD () C:\Users\Ute\Desktop\Bendik 2015-01-30 07:42 - 2013-12-18 13:57 - 00000000 ____D () C:\Users\Ute\Documents\Dokumente 2015-01-30 07:31 - 2014-12-13 18:03 - 00000000 ____D () C:\Users\Ute\Desktop\Projekte-Angebote 2015-01-30 07:26 - 2013-11-14 08:27 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-30 07:26 - 2013-11-14 08:11 - 00799978 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-30 07:26 - 2013-11-14 08:11 - 00168714 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-29 19:42 - 2014-04-30 07:16 - 00013180 _____ () C:\WINDOWS\setupact.log 2015-01-29 13:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-29 09:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-29 08:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-28 21:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-28 21:14 - 2014-09-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-28 19:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-28 12:39 - 2014-06-23 11:52 - 00193623 _____ () C:\ads_err.adt 2015-01-28 12:39 - 2014-06-23 11:52 - 00012844 _____ () C:\ads_err.adm 2015-01-28 12:39 - 2014-06-23 11:52 - 00006144 _____ () C:\ads_err.adi 2015-01-27 17:53 - 2013-12-16 18:35 - 00000000 ____D () C:\Users\Ute\AppData\Local\FRITZ! 2015-01-26 15:51 - 2014-10-10 11:05 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 20:53 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Verbrauchskalkulator 2015-01-22 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-18 14:12 - 2013-12-17 03:17 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-18 14:09 - 2013-12-17 03:17 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-15 21:07 - 2013-12-16 17:42 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore 2015-01-15 18:13 - 2014-01-09 18:01 - 00000000 ____D () C:\ProgramData\WebEx 2015-01-15 08:29 - 2014-04-10 07:11 - 00935100 _____ () C:\WINDOWS\PFRO.log 2015-01-15 08:29 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 23:34 - 2014-02-04 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-09 14:44 - 2014-06-23 11:48 - 00000000 ____D () C:\ADVANTAGE 2015-01-09 14:33 - 2014-12-02 14:19 - 00001024 _____ () C:\.rnd 2015-01-08 21:09 - 2014-01-09 18:02 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\webex 2015-01-05 18:57 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-05 18:54 - 2013-12-20 14:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk ==================== Files in the root of some directories ======= 2013-12-18 14:03 - 2013-12-18 14:13 - 0000600 _____ () C:\Users\Ute\AppData\Roaming\winscp.rnd 2013-12-18 13:53 - 2013-12-18 13:56 - 0000600 _____ () C:\Users\Ute\AppData\Local\PUTTY.RND 2013-10-18 11:03 - 2013-10-18 11:03 - 0000198 ____H () C:\ProgramData\Lenovo-25838.vbs Files to move or delete: ==================== C:\ProgramData\Lenovo-25838.vbs Some content of TEMP: ==================== C:\Users\Ute\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzvn6m.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-28 06:51 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Ute at 2015-02-02 10:34:14 Running from C:\Users\Ute\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0001 - Sybase, Inc.) AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design) Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation) Assessments on Client (x32 Version: 8.59.25584 - Microsoft) Hidden AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version: - ) BUHL-Lizenzmanagement-Software (x32 Version: 1.01.0000 - Buhl Data Service GmbH) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Cisco WebEx-Produktivitätswerkzeuge (HKLM-x32\...\{EC4A8038-085D-4FB7-BF70-338296E33FE5}) (Version: 11.1.30800 - Cisco WebEx LLC) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo) Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation) GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline) GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline) GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline) GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline) GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline) IIS 7.5 Express (HKLM-x32\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Snagit 11 (HKLM-x32\...\{A7E2223E-4AE4-45C8-9B6C-1C893EDF11BD}) (Version: 11.4.0 - TechSmith Corporation) Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) Hidden TopApps Service (HKLM-x32\...\{B2BB7D05-F646-41C7-9CE4-CE77469C0899}_is1) (Version: 2.5.1 - ) TopKontor Handwerk Version 5 (HKLM-x32\...\{640A92A1-9B8B-4C80-B412-9595460EBC53}_is1) (Version: 5 - ) UltiDev Web Server Pro (x32 Version: 2.0.18 - UltiDev LLC) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) User State Migration Tool (x32 Version: 8.59.25584 - Microsoft) Hidden VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - ) WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-01-2015 18:59:36 Windows Update 23-01-2015 08:59:16 Windows Update 28-01-2015 07:15:43 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10C464AB-F818-496E-9743-F105C3A2E2C0} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe Task: {28CD7355-CB57-4CC9-BDA7-6351E804957A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {2EC50909-A5B8-4061-900F-7FBAF516F26A} - System32\Tasks\Lenovo\Lenovo-25838 => C:\ProgramData\Lenovo-25838.vbs [2013-10-18] () Task: {3864244B-592B-4F61-8F7E-F61734C03B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.) Task: {4927924C-A5E3-47FF-B9E9-B80557B576DE} - System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197} => pcalua.exe -a "C:\Users\Ute\AppData\Roaming\1H1Q1V1N1N1O1R\PDF Creator Packages\uninstaller.exe" -c /Uninstall /NM="PDF Creator Packages" /AN="1H1Q1V1N1N1O1R" /MBN="PDF Creator Packages" Task: {51A427BB-2B0C-4F4B-B3BE-A9A2FAD1E4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {57799BD6-455E-4C11-B681-1B5A10F1C796} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation) Task: {76F82560-6DA7-4132-8EEA-034B4CEF1C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.) Task: {7A0A46B6-48C9-4E98-B0E1-58A92FC05B98} - System32\Tasks\{C0A3453F-F59B-41F6-AF5C-A7BF3415AF66} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Task: {7E83B592-067F-4486-9D07-E9250B9FCC71} - System32\Tasks\{8DC9A3B1-9955-4D2E-8E23-E1AD9817AA96} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" Task: {8D39BC23-CB47-408E-BE53-D89D35E46A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.) Task: {97F77BDD-D8DB-4943-BA5F-5338F7E8A21E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-20 13:57 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll 2013-12-20 13:57 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll 2013-10-18 10:59 - 2011-08-16 19:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe 2013-10-18 11:15 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2015-01-09 14:35 - 2015-01-09 14:35 - 00010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_a0d7vllk.dll 2015-01-09 14:35 - 2015-01-09 14:35 - 00049152 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_r9q6hagu.dll 2014-01-25 02:22 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe 2015-01-31 15:13 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-02-02 08:37 - 2015-02-02 08:37 - 00793088 _____ () C:\Users\Ute\AppData\Local\Temp\is-K2DSP.tmp\PhraseExpressSetup.tmp 2015-02-02 08:37 - 2015-02-02 08:37 - 00793088 _____ () C:\Users\Ute\AppData\Local\Temp\is-2B70N.tmp\PhraseExpressSetup.tmp 2015-01-30 14:34 - 2013-11-26 10:52 - 02698240 _____ () C:\ProgramData\blue solution\Handwerk 5\ServiceProcs069DBDC7.aep 2013-12-16 19:57 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-02-04 21:20 - 2015-01-14 23:34 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-02-04 21:20 - 2015-01-14 23:34 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-02-04 21:20 - 2015-01-14 23:34 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2015-01-31 14:37 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-01-31 14:37 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-01-31 14:37 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll 2015-02-02 08:37 - 2015-02-02 08:37 - 00013312 _____ () C:\Users\Ute\AppData\Local\Temp\is-U8BFN.tmp\_isetup\_isdecmp.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-02 09:09 - 2015-02-02 09:09 - 00043008 _____ () c:\users\ute\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzvn6m.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Ute\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Gutschein für druckerzubehoer.de.eml:OECustomProperty AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Jochen Schweizer Beleg.eml:OECustomProperty AlternateDataStreams: C:\Users\Ute\Desktop\[Ticket#10297215] Ihre Buchung bei Jochen Schweizer Erlebnisse.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "ISDNWatch.lnk" HKLM\...\StartupApproved\StartupFolder: => "VR-NetWorld Auftragsprüfung.lnk" HKLM\...\StartupApproved\Run: => "vksts" HKLM\...\StartupApproved\Run: => "TrayApplication" HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LVT" HKLM\...\StartupApproved\Run32: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "mcui_exe" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKLM\...\StartupApproved\Run32: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKLM\...\StartupApproved\Run32: => "BrMfcWnd" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "PPort11reminder" HKLM\...\StartupApproved\Run32: => "IndexSearch" HKLM\...\StartupApproved\Run32: => "PaperPort PTD" HKLM\...\StartupApproved\Run32: => "PSUAMain" HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "PTOneClick" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PTOneClick" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "PTOneClick" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "PTOneClick" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "PTOneClick" ========================= Accounts: ========================== admin (S-1-5-21-4278806244-3946690954-89611405-1005 - Administrator - Enabled) => C:\Users\admin admin2 (S-1-5-21-4278806244-3946690954-89611405-1006 - Limited - Enabled) => C:\Users\admin2 Administrator (S-1-5-21-4278806244-3946690954-89611405-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-4278806244-3946690954-89611405-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-4278806244-3946690954-89611405-1004 - Limited - Enabled) Ute (S-1-5-21-4278806244-3946690954-89611405-1001 - Administrator - Enabled) => C:\Users\Ute ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2015 10:08:15 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1234 Startzeit: 01d03eb8d0528f9b Endzeit: 0 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: dc484586-aaba-11e4-bf23-7427eae5d5e4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/02/2015 09:09:45 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (02/01/2015 07:21:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm PhotoStory3.exe, Version 3.0.1115.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c94 Startzeit: 01d03e4b130d61c2 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Photo Story 3 for Windows\PhotoStory3.exe Berichts-ID: 008922a7-aa3f-11e4-bf23-7427eae5d5e4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/01/2015 06:24:27 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (02/01/2015 06:24:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (02/01/2015 06:24:17 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (02/01/2015 06:24:10 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (02/01/2015 06:24:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (02/01/2015 07:54:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x64928b76 ID des fehlerhaften Prozesses: 0x2c8 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (01/31/2015 08:50:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1a84 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 System errors: ============= Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/01/2015 10:07:42 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/01/2015 10:07:12 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/01/2015 11:55:59 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/01/2015 11:55:29 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/01/2015 09:24:00 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/01/2015 09:23:30 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-02 08:56:07.806 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 08:56:07.697 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 08:56:07.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 08:56:04.149 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 08:56:04.040 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 08:56:03.024 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-01 22:22:12.303 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-01 22:22:12.131 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-01 22:22:11.959 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-01 22:22:11.771 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz Percentage of memory in use: 66% Total physical RAM: 4010.35 MB Available physical RAM: 1332.11 MB Total Pagefile: 5444.11 MB Available Pagefile: 1709.58 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:439.16 GB) (Free:366.51 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A5C61E19) Partition: GPT Partition Type. ==================== End Of Log ============================ |
02.02.2015, 11:22 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pande FW blockiert obwohl Programm deinstalliert Von Panda ist da nix mehr. Poste mal einen Screenshot von der Meldung.
__________________ Logfiles bitte immer in CODE-Tags posten |
02.02.2015, 11:53 | #5 |
| Pande FW blockiert obwohl Programm deinstalliertCode:
ATTFilter https://www.dropbox.com/sh/zs6g3939wwcmd33/AABESJ8fF_MMMSTCUne0yqjfa?dl=0 |
02.02.2015, 12:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pande FW blockiert obwohl Programm deinstalliert Das ist keine Fehlermeldung sondern nur ein Hinweis. Und das ist auch irrelevant weil Panda nicht mehr aktiv bzw garnicht mehr installiert ist. Vermutlich sieht die Software noch irgendwelche übriggebliebenden Registyeinträge von Panda, die warum auch immer nicht gelöscht wurden. Wo ist da jetzt das Problem?
__________________ --> Pande FW blockiert obwohl Programm deinstalliert |
02.02.2015, 12:42 | #7 |
| Pande FW blockiert obwohl Programm deinstalliert Kein Problem, ich dachte es gäbe eins. Danke, überwiesen wird die Spende heute noch. Gruß Ute |
02.02.2015, 13:13 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pande FW blockiert obwohl Programm deinstalliert ok... Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
02.02.2015, 15:09 | #9 |
| Pande FW blockiert obwohl Programm deinstalliert Soviel ich weiß gibt es die Panda-Firewall in der Free-Version gar nicht. Aber ich habe hier einen Panda-Uninstaller gefunden jage den einmal drüber vielleicht sind dann alle Reste weg: http://www.netzwelt.de/download/13484-panda-uninstaller.html |
02.02.2015, 17:55 | #10 |
| Pande FW blockiert obwohl Programm deinstalliertjetzt klappts. Nichts wird mehr angezeigt und der Download startet. Tschüß Cosino Ups, nix Cosino. Danke Kronos60 |
02.02.2015, 21:47 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pande FW blockiert obwohl Programm deinstalliert stimmt, nix cosino, denn ich heiße cosinus Schön, dass der Uninstaller geholfen hat, aber unschön ist es, wenn die eigene Uninstallroutine nicht weiß, was sie alles löschen muss
__________________ Logfiles bitte immer in CODE-Tags posten |
02.02.2015, 22:43 | #12 |
| Pande FW blockiert obwohl Programm deinstalliert Tja, die Datei hat eben nur das Wissen, mit dem sie programmiert wird. Und keine Ahnung warum ich immer so´n Sch... habe. Vielleicht weils gut ist immer alles zu wissen? Bin ja schon Stammkunde hier. Vielleicht meint das Schicksal ich soll hier ne Ausbildung machen, So dann mal gurts Nächtle. Tschüssie Ute |
02.02.2015, 22:54 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pande FW blockiert obwohl Programm deinstalliert Nö, du kannst da nix für...das Problem liegt z.T. auch an Windows...
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Pande FW blockiert obwohl Programm deinstalliert |
blockiert, deinstalliert, express, fehler, firewall, folge, folgende, folgenden, guten, heute, installieren, komisches, kontakt, monate, morgen, panda, pandafirewall, programm, programme, rechner, recht, sucht, support, tablet, verwenden, vieles, würde |