Pests of all kinds and how to combat them: Blue screen when I'm on the Internet, with error code DRIVER-IRQL-NOT-LESS-OR-EQUAL (Windows 7) |
06.02.2015, 14:06 | #1 |
| Hello, my computer and I were helped so wonderfully here once before that I'm hoping for the same again. When I've been on the Internet with Google Chrome for a short while, purely over WLAN, a blue screen appears telling me that "a problem has been detected and windows has been shut down to prevent damage to your computer". Then come the above-mentioned code and recommendations. This has now happened twice. Yesterday I removed a few things with Malwarebytes, including a Trojan, and today this error occurred several times. Now I'm unsure whether this is really a hardware problem? The only other unusual thing I noticed was that today I'm in a different WLAN than usual, and the WLAN icon was no longer shown in the bar at the bottom right; instead the LAN icon was shown, and it was crossed out. I almost never use LAN. When this happens on my computer, all the others get kicked out of the WLAN and it takes a few seconds for it to come back up. Can anyone help me? Many thanks!! phinka |
06.02.2015, 14:14 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
06.02.2015, 16:45 | #3 |
| Damn, I can't even get that far with the computer. Internet Explorer always says "Programm schließen" ("Close program"), and with Google Chrome I can go to this page and 10 seconds later the blue screen appears...
Can I somehow do this in safe mode or something? Or buy a USB stick and first download what you wrote about on another computer?
Hello, before I do that now, one addition: I'm logged into a WLAN here that is unfamiliar to me, which works via a mobile WLAN router. All the other devices (my family's laptops and phones) have no problem with it. Now I've set up a WLAN hotspot with my phone, which I've used often before, and lo and behold, the computer no longer crashes. So it seems to be a communication problem with this other WLAN? What do you think, should I wait and see whether this happens again at home, or rather do something now? Many thanks for your help! |
07.02.2015, 11:30 | #4 |
/// the machine /// TB-Ausbilder | Post the FRST logs in any case. If need be, download it from another computer.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
09.02.2015, 17:41 | #5 |
| FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Eltern (ATTENTION: The logged in user is not administrator) on ELTERN-LAPTOP on 09-02-2015 16:34:56 Running from C:\Users\Eltern\Downloads Loaded Profiles: Eltern & admin (Available profiles: Eltern & admin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> svchost.exe Failed to access process -> nvvsvc.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> NvXDSync.exe Failed to access process -> nvvsvc.exe Failed to access process -> AvastSvc.exe Failed to access process -> wlanext.exe Failed to access process -> conhost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> armsvc.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> devmonsrv.exe Failed to access process -> mDNSResponder.exe Failed to access process -> svchost.exe Failed to access process -> officeclicktorun.exe Failed to access process -> EvtEng.exe Failed to access 
process -> svchost.exe Failed to access process -> HerculesDJControlMP3.EXE Failed to access process -> ijplmsvc.exe Failed to access process -> mbamscheduler.exe Failed to access process -> mbamservice.exe Failed to access process -> PFNService.exe Failed to access process -> svchost.exe Failed to access process -> PSUService.exe Failed to access process -> RegSrvc.exe Failed to access process -> sftvsa.exe Failed to access process -> SmdmFService.exe Failed to access process -> TeamViewer_Service.exe Failed to access process -> SmdmFService.exe Failed to access process -> WLIDSVC.EXE Failed to access process -> obexsrv.exe Failed to access process -> WLIDSVCM.EXE Failed to access process -> sftlist.exe Failed to access process -> unsecapp.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> CVHSVC.EXE Failed to access process -> ngservice.exe Failed to access process -> mscorsvw.exe Failed to access process -> LMS.exe Failed to access process -> wmpnetwk.exe Failed to access process -> SearchIndexer.exe Failed to access process -> svchost.exe Failed to access process -> UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe Failed to access process -> mediasrv.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program 
Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Citrix Systems, Inc.) C:\Users\Eltern\AppData\Local\Citrix\ICA Client\concentr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\old_chrome.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Citrix Systems, Inc.) C:\Users\Eltern\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Failed to access process -> VSSVC.exe Failed to access process -> iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\splwow64.exe Failed to access process -> svchost.exe Failed to access process -> smdmfu.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Microsoft Corporation) C:\Windows\System32\wisptis.exe Failed to access process -> AvastVBoxSVC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> sppsvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED) HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] => 
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED) HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102528 2012-09-25] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Hercules DJ Series] => C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [1675048 2011-04-26] (Hercules®) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1691136 2012-05-31] (Wondershare) HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\970262e3-1e0c-4f4e-adbe-91de3ec72024.exe [183232 2015-01-12] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\Run: [Smart PC Cleaner] => C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\Run: [DriverScanner] => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000 HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\Run: [ConnectionCenter] => C:\Users\Eltern\AppData\Local\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.) HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\Run: [6DAAC6C454D885ED72250BD5B844006BEAA8E461._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.) 
AppInit_DLLs: C:\Users\admin\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\admin\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found AppInit_DLLs-x32: C:\Users\admin\AppData\Local\Linkey\IEEXTE~1\iedll.dll => "C:\Users\admin\AppData\Local\Linkey\IEEXTE~1\iedll.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll [488464 2014-09-02] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll [662032 2014-09-02] () ShellIconOverlayIdentifiers: [00avast] -> 
{472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Fujitsu CEMEA&I HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true 
HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype URLSearchHook: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File URLSearchHook: [S-1-5-21-1137129110-1800203016-1165673377-1004] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13898&tm=462&src=ds&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13898&tm=462&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true SearchScopes: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> {27411759-B300-4F5A-98E4-E07E69153B21} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_NL&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^NL&apn_uid=17DA459C-8E09-47EE-AC59-629FDF1DAE13&apn_sauid=5C01AC05-7B74-4559-A37C-0D6977E0192E SearchScopes: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13898&tm=462&src=ds&p={searchTerms} BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) BHO: Lync Browser Helper -> 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\admin\AppData\Local\Linkey\IEExtension\iedll64.dll No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\admin\AppData\Local\Linkey\IEEXTE~1\iedll.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> No Name - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File Toolbar: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File Toolbar: HKU\S-1-5-21-1137129110-1800203016-1165673377-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1137129110-1800203016-1165673377-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eltern\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1137129110-1800203016-1165673377-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Eltern\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-29]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-03]
CHR Extension: (Google Drive) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (FreeHDSport.TV) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok [2013-02-22]
CHR Extension: (YouTube) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Adblock Plus) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-26]
CHR Extension: (Google Search) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (AdBlock) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-13]
CHR Extension: (Avast Online Security) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-02]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-01-17]
CHR Extension: (Skype Click to Call) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-11-01]
CHR Extension: (Google Wallet) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (Nation Toolbar) - C:\Users\Eltern\AppData\Local\Google\Chrome\User Data\Default\Extensions\poodchbjlediohlnballdehklfnmaogp [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv12.crx [2013-02-19]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\admin\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AISConnect; C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [32768 2009-01-26] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-02] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-11] (Microsoft Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [20480 2011-06-07] () [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-27] (The OpenVPN Project)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [3572240 2014-09-02] (Aztec Media Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-02] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-07-22] ()
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [192000 2011-04-28] (© Guillemot R&D, 2010. All rights reserved.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [41872 2014-09-02] (Aztec Media Inc)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [263168 2011-04-28] (© Guillemot R&D, 2010. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [240640 2011-04-28] (© Guillemot R&D, 2011. All rights reserved.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-07-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-02] (Avast Software)
S3 catchme; \??\C:\6774884_Setup\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 16:34 - 2015-02-09 16:36 - 00036052 _____ () C:\Users\Eltern\Downloads\FRST.txt
2015-02-09 16:34 - 2015-02-09 16:35 - 00000000 ____D () C:\FRST
2015-02-09 16:34 - 2015-02-09 16:34 - 02132992 _____ (Farbar) C:\Users\Eltern\Downloads\FRST64 (1).exe
2015-02-09 16:33 - 2015-02-09 16:34 - 02132992 _____ (Farbar) C:\Users\Eltern\Downloads\FRST64.exe
2015-02-09 10:10 - 2015-02-09 10:10 - 00000247 _____ () C:\Windows\system32\2015-02-09-10-10-38.067-aswFe.exe-1552.log
2015-02-09 10:02 - 2015-02-09 10:10 - 00000247 _____ () C:\Windows\system32\2015-02-09-10-02-22.020-aswFe.exe-6164.log
2015-02-09 10:02 - 2015-02-09 10:02 - 00000197 _____ () C:\Windows\system32\2015-02-09-10-02-11.065-AvastVBoxSVC.exe-7272.log
2015-02-09 09:16 - 2015-02-09 09:16 - 00000197 _____ () C:\Windows\system32\2015-02-09-09-16-39.032-AvastVBoxSVC.exe-1316.log
2015-02-09 08:35 - 2015-02-09 08:35 - 00000197 _____ () C:\Windows\system32\2015-02-09-08-35-37.038-AvastVBoxSVC.exe-1872.log
2015-02-06 13:52 - 2015-02-06 13:52 - 00000197 _____ () C:\Windows\system32\2015-02-06-13-52-12.052-AvastVBoxSVC.exe-3836.log
2015-02-06 12:07 - 2015-02-06 12:07 - 00000165 ____H () C:\Users\Eltern\Downloads\~$Klientenliste_04.02.2015.xlsx
2015-02-04 12:20 - 2015-02-04 12:21 - 03252731 _____ () C:\Users\Eltern\Downloads\(boox.bz)-GreenJohn-7891.zip
2015-02-02 12:34 - 2015-02-02 12:38 - 11314021 _____ () C:\Users\Eltern\Downloads\NSDLdS.rar
2015-02-02 07:47 - 2015-02-02 07:52 - 14619603 _____ () C:\Users\Eltern\Downloads\MJDTP.rar
2015-01-29 07:09 - 2015-01-29 07:09 - 00000197 _____ () C:\Windows\system32\2015-01-29-07-09-07.016-AvastVBoxSVC.exe-4160.log
2015-01-23 22:27 - 2015-01-23 22:27 - 00000197 _____ () C:\Windows\system32\2015-01-23-22-27-05.052-AvastVBoxSVC.exe-7324.log
2015-01-21 07:47 - 2015-01-21 07:47 - 00000197 _____ () C:\Windows\system32\2015-01-21-07-47-07.033-AvastVBoxSVC.exe-2136.log
2015-01-19 12:50 - 2015-01-19 12:50 - 00000000 ____D () C:\Users\Eltern\AppData\Local\{F86A2549-705C-4C9A-9398-799841DA3963}
2015-01-18 03:21 - 2015-01-18 03:21 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-21-29.008-AvastVBoxSVC.exe-3420.log
2015-01-17 16:31 - 2015-01-17 16:31 - 00000197 _____ () C:\Windows\system32\2015-01-17-16-31-03.026-AvastVBoxSVC.exe-5364.log
2015-01-16 07:07 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 07:07 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 07:07 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 07:07 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 07:07 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 07:07 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 07:07 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 13:11 - 2015-01-15 13:12 - 00000197 _____ () C:\Windows\system32\2015-01-15-13-11-58.068-AvastVBoxSVC.exe-4064.log
2015-01-15 11:44 - 2015-01-15 11:44 - 00288689 _____ () C:\Users\Eltern\Downloads\Klientenliste_14.01.2015 (1).xlsx
2015-01-15 11:42 - 2015-01-15 13:03 - 00269110 _____ () C:\Users\Eltern\Downloads\Klientenliste_13.01.2015.xlsx
2015-01-15 10:12 - 2015-01-15 10:14 - 85533129 _____ () C:\Users\Eltern\Downloads\Urlaubsvertretung Till 01_2015.zip
2015-01-15 03:56 - 2015-01-15 03:56 - 00000197 _____ () C:\Windows\system32\2015-01-15-03-56-34.047-AvastVBoxSVC.exe-3280.log
2015-01-14 18:40 - 2015-01-14 18:41 - 00000000 ____D () C:\Users\Eltern\AppData\Local\{C47B58EC-9492-41FD-82FB-B4C232F89A00}
2015-01-14 16:45 - 2015-01-20 14:45 - 00356352 _____ () C:\Users\Eltern\Documents\Datenbank4.accdb
2015-01-14 16:27 - 2015-01-15 07:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 13:37 - 2015-01-14 13:41 - 11216644 _____ () C:\Users\Eltern\Downloads\MAUdeT.rar
2015-01-14 09:25 - 2015-01-14 09:25 - 00024285 _____ () C:\Users\Eltern\Downloads\TS102807928.dotx
2015-01-14 07:16 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:16 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:16 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:16 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:16 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:16 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:37 - 2015-01-13 20:40 - 11214460 _____ () C:\Users\Eltern\Downloads\RLDE.rar
2015-01-13 19:15 - 2015-01-16 18:35 - 00192033 _____ () C:\Users\Eltern\Downloads\Therapeutenliste_Stand_30.12.2014_CoachID.xlsx
2015-01-13 08:49 - 2015-01-15 11:43 - 00267947 _____ () C:\Users\Eltern\Downloads\Klientenliste_12.01.2015 (1).xlsx
2015-01-12 18:32 - 2015-01-12 18:32 - 00284621 _____ () C:\Users\Eltern\Downloads\Klientenliste_12.01.2015.xlsx
2015-01-12 08:41 - 2015-01-12 08:41 - 00000000 ____D () C:\Users\Eltern\AppData\Local\{F55ADB88-D418-4526-A85D-49393D7419DC}
2015-01-12 08:39 - 2015-01-12 08:39 - 03181547 _____ () C:\Users\Eltern\Downloads\VKKD_Sept 2013_GF (1).pptx
2015-01-11 18:34 - 2015-01-13 11:04 - 00034117 _____ () C:\Users\Eltern\Downloads\20150111-209189-umsatz (1).CSV
2015-01-11 18:28 - 2015-01-13 11:04 - 00056776 _____ () C:\Users\Eltern\Downloads\20150111-209189-umsatz.CSV
2015-01-11 17:48 - 2015-01-11 17:51 - 00071477 _____ () C:\Users\Eltern\Downloads\Abrechnung_Q4_2014_06.01.14.xlsx
2015-01-10 22:52 - 2015-01-10 22:52 - 00000000 ____D () C:\Users\Eltern\AppData\Local\{5070E6B6-5A4F-4F26-9D81-E37440959D94}
2015-01-10 20:09 - 2015-01-10 20:11 - 03967155 _____ () C:\Users\Eltern\Downloads\Dillon.7z
2015-01-10 19:56 - 2015-01-10 20:00 - 10787467 _____ () C:\Users\Eltern\Downloads\SNZW.rar
2015-01-10 16:02 - 2015-01-10 16:03 - 00000197 _____ () C:\Windows\system32\2015-01-10-16-02-55.034-AvastVBoxSVC.exe-3340.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 16:35 - 2014-09-06 12:58 - 00000000 ____D () C:\ProgramData\smdmf
2015-02-09 16:35 - 2011-10-31 18:10 - 00000000 ____D () C:\Users\Eltern\AppData\Roaming\Skype
2015-02-09 16:11 - 2011-08-28 04:22 - 01786698 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 15:42 - 2011-12-19 17:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 09:56 - 2011-12-19 17:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 09:21 - 2009-07-14 04:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 09:21 - 2009-07-14 04:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 09:13 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 09:13 - 2009-07-14 04:51 - 00168444 _____ () C:\Windows\setupact.log
2015-02-09 08:51 - 2013-06-29 16:40 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-09 08:46 - 2011-05-07 17:16 - 01594718 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-09 08:46 - 2011-04-11 17:26 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-02-09 08:46 - 2011-04-11 17:26 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-02-09 08:46 - 2009-07-14 05:13 - 01594718 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 17:44 - 2009-07-14 05:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-07 17:41 - 2013-06-23 15:54 - 00000000 ____D () C:\Windows\Minidump
2015-02-07 17:41 - 2013-06-23 15:53 - 719132114 _____ () C:\Windows\MEMORY.DMP
2015-02-06 13:25 - 2011-08-28 06:39 - 00000000 ____D () C:\Users\Eltern\AppData\Local\CrashDumps
2015-02-05 16:35 - 2014-08-31 07:51 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-05 14:05 - 2012-12-29 09:00 - 00000000 ____D () C:\Users\admin
2015-02-05 08:54 - 2013-08-04 15:34 - 00544768 ___SH () C:\Users\Eltern\Downloads\Thumbs.db
2015-01-27 20:08 - 2011-09-20 06:13 - 00000000 ____D () C:\Users\Eltern\Documents\Inken Arbeit
2015-01-15 13:06 - 2014-09-01 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 03:01 - 2013-07-20 12:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2011-10-08 09:00 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:28 - 2014-12-13 18:34 - 00000000 ____D () C:\Users\Eltern\Documents\temp
2015-01-14 07:10 - 2014-08-16 07:50 - 00000000 ____D () C:\Users\Eltern\Documents\Portugal
2015-01-13 19:14 - 2014-12-08 07:48 - 00188642 _____ () C:\Users\Eltern\Downloads\Therapeutenliste_Stand_05.12.2014_CoachID.xlsx

==================== Files in the root of some directories =======

2011-01-19 11:30 - 2011-01-19 11:30 - 142700671 _____ () C:\Program Files\openofficeorg1.cab
2011-01-19 11:34 - 2011-01-19 11:34 - 3003392 _____ () C:\Program Files\openofficeorg33.msi
2011-01-19 11:33 - 2011-01-19 11:33 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-19 10:15 - 2011-01-19 10:15 - 0000290 _____ () C:\Program Files\setup.ini
2012-11-08 12:43 - 2012-11-08 12:48 - 0000077 _____ () C:\Users\Eltern\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-08 12:41 - 2012-11-08 12:42 - 0001153 _____ () C:\Users\Eltern\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-08 12:43 - 2012-11-08 12:48 - 0000077 _____ () C:\Users\Eltern\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-10-07 14:56 - 2012-10-07 15:01 - 6312677 _____ (VIO ) C:\Users\Eltern\AppData\Roaming\vio_clean.exe
2011-09-15 15:01 - 2012-08-25 16:55 - 0001188 _____ () C:\Users\Eltern\AppData\Local\crc32list11.txt
2011-08-27 19:41 - 2011-08-27 19:41 - 0013952 _____ () C:\Users\Eltern\AppData\Local\IWDAudHelper.20110827.214114.txt
2011-08-27 19:41 - 2011-08-27 19:41 - 0000661 _____ () C:\Users\Eltern\AppData\Local\PDLSetup.20110827.214106.txt
2011-08-27 19:41 - 2011-08-27 19:41 - 0001579 _____ () C:\Users\Eltern\AppData\Local\PDLSetup.20110827.214107.txt
2011-08-27 19:41 - 2011-08-27 19:41 - 0001227 _____ () C:\Users\Eltern\AppData\Local\PDLSetup.20110827.214109.txt
2012-07-18 09:53 - 2012-07-18 09:53 - 0007597 _____ () C:\Users\Eltern\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Eltern\AppData\Local\temp\MSETUP4.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Eltern at 2015-02-09 16:37:27
Running from C:\Users\Eltern\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 SmartFax (HKLM-x32\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG)
4TOPS Compare Spreadsheets using Excel 3.2.0.1 (HKLM-x32\...\xlcompare_is1) (Version: 3.2.0.1 - AGORA Software BV)
7-PDF Split & Merge Version 2.4.0 (Build 168) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.4.0 (Build 168) - 7-PDF, Germany - Thorsten Hodes)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Anytime USB Charge Utility (HKLM-x32\...\{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}) (Version: 1.00.00.001 - FUJITSU LIMITED)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
BrainSpeeder 3.2.105 (HKLM-x32\...\BrainSpeeder) (Version: 3.2.105 - Gehirnjogging Denkspiele kostenlos | Sudoku Denksport Brain Games)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Citrix Online Plug-in - Web (HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.13.0116 - Fujitsu Technology Solutions)
EASEUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52016.0 - Sonix)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - Free PDF to Word Doc Converter - easy and powerful pdf converter software.)
Free YouTube to MP3 Converter version 3.12.2.426 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.426 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - )
Fujitsu Display Manager (Version: 7.01.20.212 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.001 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.001 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.3.0.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.3.0.0 - FUJITSU LIMITED) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 3.HDJS.2011 - Hercules)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - )
HMA! Pro VPN 2.8.11.2 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.11.2 - Privax Ltd)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
ImageJ 1.47v (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
LibreOffice 4.1.2.3 (HKLM-x32\...\{DD3CB916-F91A-41B9-B276-CAC090E91021}) (Version: 4.1.2.3 - The Document Foundation)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.2.1.0 - FUJITSU LIMITED)
LifeBook Application Panel (Version: 8.2.1.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Med7 (HKLM-x32\...\{15DD8459-6E1B-4E21-A5AA-FE393E8EC543}) (Version: 7.82.0002 - Bitron GmbH)
Med7 (HKLM-x32\...\{C09D663B-A9ED-4EEE-8CC3-2C7A3DB63514}) (Version: 7.85.0014 - Bitron GmbH)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft MapPoint Europa 2011 (HKLM-x32\...\{C82185E8-C27B-4EF4-2011-2222BC2C2B6D}) (Version: 18.0.29.1200 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
NVIDIA Graphics Driver 265.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.77 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.4.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.4.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.009 - FUJITSU LIMITED)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13898 - Aztec Media Inc) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.7.8524 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snagit 10.0.2 (HKLM-x32\...\{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}) (Version: 10.0.2 - TechSmith Corporation)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - SopCast - Free P2P internet TV | live football, NBA, cricket)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VIO Player version 1.0.1 (HKLM-x32\...\{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1) (Version: 1.0.1 - VIO)
VirtualDJ LE (DJ4Set) (HKLM-x32\...\{787EAD29-5498-4BDB-BDF4-670A86F28DFB}) (Version: 7.0.5 - Atomix Productions)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.09.7121 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 
19.03.7334 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.08.8317 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{843C3DDB-993A-4DBA-87AE-32F00D1235CE}) (Version: 21.08.8679 - Buhl Data Service GmbH) Wondershare PDF to Word (Build 4.0.1) (HKLM-x32\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software) xlCompare (HKLM-x32\...\{30296F6A-A302-402E-8D9B-83FAB945BE72}) (Version: 3.3.6 - Spreadsheet Tools) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2013-06-28 17:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? 
==================== Loaded Modules (whitelisted) ============== 2014-09-06 12:58 - 2014-09-02 08:21 - 00662032 _____ () C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll 2011-05-02 00:21 - 2011-04-15 01:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-01-05 19:53 - 2011-01-05 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2014-07-29 07:02 - 2014-07-02 08:13 - 01427736 ____N () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1137129110-1800203016-1165673377-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupreg: AIS_MessageForYou => "C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LoadFUJ02E3 => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s ==================== Accounts: ============================= admin (S-1-5-21-1137129110-1800203016-1165673377-1004 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1137129110-1800203016-1165673377-500 - Administrator - Disabled) Eltern (S-1-5-21-1137129110-1800203016-1165673377-1001 - Limited - Enabled) => C:\Users\Eltern Gast (S-1-5-21-1137129110-1800203016-1165673377-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1137129110-1800203016-1165673377-1021 - Limited - Enabled) UpdatusUser (S-1-5-21-1137129110-1800203016-1165673377-1000 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== Error: (02/09/2015 01:07:22 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (02/09/2015 00:59:16 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (02/09/2015 09:57:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: Eltern-Laptop) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (02/09/2015 09:14:29 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: ) Description: {tid=F28} Fehler beim Initialisieren des PerfMon-Anbieters für Application Virtualization Client (Fehler 0x80070002). 
Error: (02/09/2015 09:14:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2015 08:36:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: Eltern-Laptop) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (02/09/2015 08:34:13 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: ) Description: {tid=169C} Fehler beim Initialisieren des PerfMon-Anbieters für Application Virtualization Client (Fehler 0x80070002). 
Error: (02/09/2015 08:33:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2015 08:33:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: qsaMain.exe, Version: 0.0.0.0, Zeitstempel: 0x497e2fe7 Name des fehlerhaften Moduls: wbemprox.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb2f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000333b ID des fehlerhaften Prozesses: 0x5f0 Startzeit der fehlerhaften Anwendung: 0xqsaMain.exe0 Pfad der fehlerhaften Anwendung: qsaMain.exe1 Pfad des fehlerhaften Moduls: qsaMain.exe2 Berichtskennung: qsaMain.exe3 Error: (02/07/2015 05:44:23 PM) (Source: Application Virtualization Client) (EventID: 3134) (User: ) Description: {tid=1420} Fehler beim Initialisieren des PerfMon-Anbieters für Application Virtualization Client (Fehler 0x80070002). System errors: ============= Error: (02/09/2015 09:56:24 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (02/09/2015 09:16:40 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (02/09/2015 09:16:40 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (02/09/2015 09:16:40 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (02/09/2015 09:16:40 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (02/09/2015 08:36:24 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 40. 
Error: (02/09/2015 08:34:59 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (02/09/2015 08:34:59 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (02/09/2015 08:34:59 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (02/09/2015 08:34:59 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Microsoft Office Sessions: ========================= Error: (02/09/2015 01:07:22 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1 Error: (02/09/2015 00:59:16 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe1 Error: (02/09/2015 09:57:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: Eltern-Laptop) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL) Error: (02/09/2015 09:14:29 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: ) Description: {tid=F28} 0x80070002 Error: (02/09/2015 09:14:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2015 08:36:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: Eltern-Laptop) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL) Error: (02/09/2015 08:34:13 AM) (Source: Application Virtualization Client) 
(EventID: 3134) (User: ) Description: {tid=169C} 0x80070002 Error: (02/09/2015 08:33:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2015 08:33:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: qsaMain.exe0.0.0.0497e2fe7wbemprox.dll6.1.7600.163854a5bdb2fc00000050000333b5f001d04442e57a6ec3C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exeC:\Windows\system32\wbem\wbemprox.dll59ce7dd5-b036-11e4-b2ff-bc773732091e Error: (02/07/2015 05:44:23 PM) (Source: Application Virtualization Client) (EventID: 3134) (User: ) Description: {tid=1420} 0x80070002 CodeIntegrity Errors: =================================== Date: 2013-06-28 18:03:46.677 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\6774884_Setup\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-28 18:03:46.584 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\6774884_Setup\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-27 16:38:23.975 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\207415855_Setup\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-27 16:38:23.865 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\207415855_Setup\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-07 16:33:23.284 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-07 16:33:21.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-07 16:33:19.229 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-07 16:33:17.370 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-07 16:33:12.915 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-10-07 16:33:10.939
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 37%
Total physical RAM: 8104.62 MB
Available physical RAM: 5047.47 MB
Total Pagefile: 16207.43 MB
Available Pagefile: 12767.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (System) (Fixed) (Total:147.66 GB) (Free:33.01 GB) NTFS
Drive d: (Daten) (Fixed) (Total:530.34 GB) (Free:392.57 GB) NTFS

==================== MBR & Partition Table ==================

Thanks! |
09.02.2015, 20:14 | #6 |
/// the machine /// TB-Ausbilder | FRST again please, our tools always need admin rights.