FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Ute (administrator) on FUGENTECHNIK on 02-02-2015 10:29:40
Running from C:\Users\Ute\Desktop
Loaded Profiles: Ute & (Available profiles: Ute & admin & admin2 & Administrator & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVM Berlin) C:\Program Files (x86)\Common Files\AVM\De_serv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(blue:solution software GmbH) C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Advantage 11.10\Server\ads.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr4.x86.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Windows\Temp\40.0.2214.94_chrome_installer.exeb91e4fe
(Google Inc.) C:\Windows\Temp\CR_A0EA8.tmp\setup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe
() C:\Users\Ute\AppData\Local\Temp\is-K2DSP.tmp\PhraseExpressSetup.tmp
(Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe
() C:\Users\Ute\AppData\Local\Temp\is-2B70N.tmp\PhraseExpressSetup.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(blue:solution software GmbH) C:\Program Files (x86)\blue solution\Handwerk 5\Handwerk.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Amazon Music] => C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk
ShortcutTarget: ISDNWatch.lnk -> C:\Program Files (x86)\FRITZ!\IWatch.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing.
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Cisco WebEx-Produktivitätswerkzeuge -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Cisco WebEx-Produktivitätswerkzeuge - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\..\Interfaces\{AD715C07-FA95-41CD-8547-8CF7B99D600E}: [NameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default
FF DefaultSearchEngine: Google
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Ute\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://spiele.rtl.de/cms/index.html"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Profile 1
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Advantage; C:\Program Files (x86)\Advantage 11.10\Server\ADS.EXE [3530752 2012-11-27] (iAnywhere Solutions, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [206128 2007-10-25] (AVM Berlin)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 TopDNS; C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe [2779648 2013-01-30] (blue:solution software GmbH) [File not signed]
R2 UltiDev Web Server Pro; C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [64512 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS HiPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [48128 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS LoPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [44032 2012-09-29] (UltiDev LLC) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-11-14] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AVMCOWAN; C:\Windows\system32\DRIVERS\AVMCOWAN.sys [79872 2010-11-28] (AVM GmbH)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [62712 2014-03-21] (Cypress Semiconductor)
R3 FUS2BASE; C:\Windows\system32\DRIVERS\fus2base.sys [696832 2010-11-28] (AVM Berlin)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; \SystemRoot\system32\DRIVERS\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 10:29 - 2015-02-02 10:32 - 00029661 _____ () C:\Users\Ute\Desktop\FRST.txt
2015-02-02 10:28 - 2015-02-02 10:28 - 02131456 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe
2015-02-02 10:06 - 2015-02-02 10:06 - 00000000 ____D () C:\Users\Ute\Desktop\Programme
2015-02-02 09:30 - 2015-02-02 10:07 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AllDup
2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup
2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\ProgramData\AllDup
2015-02-02 09:30 - 2015-02-02 09:30 - 00000000 ____D () C:\Program Files (x86)\AllDup
2015-02-02 09:30 - 2010-10-13 06:42 - 02369456 _____ (Codejock Software) C:\WINDOWS\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-02-02 09:30 - 2010-08-20 21:53 - 00086016 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtSplitter.ocx
2015-02-02 09:30 - 2010-06-11 10:50 - 00089888 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtFrame.ocx
2015-02-02 09:30 - 2010-06-01 14:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\WINDOWS\SysWOW64\TList8.ocx
2015-02-02 09:30 - 2010-03-25 10:33 - 00171752 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtRTF2.ocx
2015-02-02 09:30 - 2009-10-13 00:02 - 00044736 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtSubclass.dll
2015-02-02 09:30 - 2009-10-13 00:01 - 00077504 _____ (Michael Thummerer Software Design) C:\WINDOWS\SysWOW64\mtScrollContainer.ocx
2015-02-02 09:30 - 2008-01-29 07:57 - 00450560 _____ (LogicNP Software (hxxp://www.ssware.com)) C:\WINDOWS\SysWOW64\fldrvw90.ocx
2015-02-02 08:37 - 2015-02-02 08:37 - 14129048 _____ (Bartels Media GmbH ) C:\Users\Ute\Desktop\PhraseExpressSetup.exe
2015-02-01 18:24 - 2015-02-01 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-30 23:01 - 2015-02-02 09:09 - 00000000 ___RD () C:\Users\Ute\Dropbox
2015-01-29 13:10 - 2015-01-29 13:10 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-28 20:57 - 2015-01-28 20:57 - 02194432 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.109.exe
2015-01-25 18:22 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-25 18:22 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 08:02 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:02 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:02 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:02 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:02 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:02 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:02 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:02 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:02 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advantage Database Server 11.10
2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Advantage 11.10
2015-01-09 14:32 - 2015-01-09 14:32 - 00000000 ____D () C:\Program Files\UltiDev
2015-01-09 14:31 - 2015-01-09 14:31 - 00002218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\UltiDev Web App Explorer.lnk
2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltiDev
2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
2015-01-09 14:31 - 2015-01-09 14:31 - 00000000 ____D () C:\Program Files (x86)\GnuWin32
2015-01-09 14:30 - 2015-01-09 14:31 - 00026265 _____ () C:\WINDOWS\unins000.dat
2015-01-09 14:30 - 2015-01-09 14:30 - 01083233 _____ () C:\WINDOWS\unins000.exe
2015-01-09 14:04 - 2015-01-09 14:04 - 03999272 _____ (TeamViewer) C:\Users\Ute\Desktop\bss_support.exe
2015-01-07 16:43 - 2015-01-07 16:43 - 00000020 ___SH () C:\Users\DefaultAppPool.IIS APPPOOL\ntuser.ini
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Vorlagen
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Startmenü
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Netzwerkumgebung
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Lokale Einstellungen
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Eigene Dateien
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Druckumgebung
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Eigene Musik
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Eigene Bilder
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Verlauf
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Anwendungsdaten
2015-01-07 16:43 - 2015-01-07 16:43 - 00000000 _SHDL () C:\Users\DefaultAppPool.IIS APPPOOL\Anwendungsdaten
2015-01-07 16:43 - 2014-06-30 09:07 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help
2015-01-07 16:43 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-07 16:43 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-07 16:42 - 2015-01-07 16:43 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL
2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 16:42 - 2015-01-01 23:25 - 00000000 ___RD () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-07 16:42 - 2013-12-24 08:47 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Macromedia
2015-01-07 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-04 23:02 - 2015-01-04 23:02 - 00517413 _____ () C:\Users\Ute\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi
2015-01-04 22:47 - 2015-01-04 22:47 - 00321623 _____ () C:\Users\Ute\Downloads\sun_cult-1.3.20120620-fn+sm+fx+tb(1).xpi
2015-01-04 22:42 - 2015-01-04 22:42 - 00321623 _____ () C:\Users\Ute\Downloads\sun_cult-1.3.20120620-fn+sm+fx+tb.xpi
2015-01-04 18:04 - 2015-01-30 07:37 - 00000000 ____D () C:\Users\Ute\Desktop\Telekom Kundencenter_files
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 10:29 - 2014-09-07 17:19 - 00000000 ____D () C:\FRST
2015-02-02 10:26 - 2014-10-29 12:15 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 10:11 - 2014-10-10 11:05 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job
2015-02-02 10:09 - 2013-12-18 18:39 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\ClassicShell
2015-02-02 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-02 09:36 - 2014-04-07 08:14 - 01570510 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-02 09:36 - 2013-12-16 20:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278806244-3946690954-89611405-1001
2015-02-02 09:34 - 2014-10-26 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 09:09 - 2013-12-20 13:14 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Dropbox
2015-02-02 08:26 - 2014-10-29 12:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 08:24 - 2014-09-24 16:48 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7191AC2D-2327-4099-A4A5-525ACFAC0F38}
2015-02-01 20:29 - 2014-10-17 10:57 - 00000000 ____D () C:\WINDOWS\uninstall
2015-02-01 19:18 - 2013-12-24 10:15 - 07521792 ___SH () C:\Users\Ute\Desktop\Thumbs.db
2015-02-01 07:54 - 2014-07-05 22:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps
2015-01-31 20:25 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Stundenzettel
2015-01-31 14:38 - 2014-10-29 12:16 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 00:00 - 2013-12-18 13:50 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\PhotoScape
2015-01-30 23:28 - 2014-02-01 15:31 - 00027648 ____H () C:\Users\Ute\Desktop\photothumb.db
2015-01-30 23:28 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\BAM
2015-01-30 23:06 - 2013-12-20 13:15 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-30 23:01 - 2013-12-24 08:44 - 00000000 ____D () C:\Users\Ute
2015-01-30 22:02 - 2014-12-23 12:53 - 00000000 ____D () C:\AdwCleaner
2015-01-30 15:42 - 2014-03-25 18:38 - 00000000 ___RD () C:\Users\Ute\Desktop\Bendik
2015-01-30 07:42 - 2013-12-18 13:57 - 00000000 ____D () C:\Users\Ute\Documents\Dokumente
2015-01-30 07:31 - 2014-12-13 18:03 - 00000000 ____D () C:\Users\Ute\Desktop\Projekte-Angebote
2015-01-30 07:26 - 2013-11-14 08:27 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 07:26 - 2013-11-14 08:11 - 00799978 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-30 07:26 - 2013-11-14 08:11 - 00168714 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-29 19:42 - 2014-04-30 07:16 - 00013180 _____ () C:\WINDOWS\setupact.log
2015-01-29 13:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-29 09:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-29 08:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 21:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-28 21:14 - 2014-09-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 19:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-28 12:39 - 2014-06-23 11:52 - 00193623 _____ () C:\ads_err.adt
2015-01-28 12:39 - 2014-06-23 11:52 - 00012844 _____ () C:\ads_err.adm
2015-01-28 12:39 - 2014-06-23 11:52 - 00006144 _____ () C:\ads_err.adi
2015-01-27 17:53 - 2013-12-16 18:35 - 00000000 ____D () C:\Users\Ute\AppData\Local\FRITZ!
2015-01-26 15:51 - 2014-10-10 11:05 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001
2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 20:53 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Verbrauchskalkulator
2015-01-22 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-18 14:12 - 2013-12-17 03:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-18 14:09 - 2013-12-17 03:17 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-15 21:07 - 2013-12-16 17:42 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore
2015-01-15 18:13 - 2014-01-09 18:01 - 00000000 ____D () C:\ProgramData\WebEx
2015-01-15 08:29 - 2014-04-10 07:11 - 00935100 _____ () C:\WINDOWS\PFRO.log
2015-01-15 08:29 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 23:34 - 2014-02-04 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-09 14:44 - 2014-06-23 11:48 - 00000000 ____D () C:\ADVANTAGE
2015-01-09 14:33 - 2014-12-02 14:19 - 00001024 _____ () C:\.rnd
2015-01-08 21:09 - 2014-01-09 18:02 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\webex
2015-01-05 18:57 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-05 18:54 - 2013-12-20 14:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
==================== Files in the root of some directories =======
2013-12-18 14:03 - 2013-12-18 14:13 - 0000600 _____ () C:\Users\Ute\AppData\Roaming\winscp.rnd
2013-12-18 13:53 - 2013-12-18 13:56 - 0000600 _____ () C:\Users\Ute\AppData\Local\PUTTY.RND
2013-10-18 11:03 - 2013-10-18 11:03 - 0000198 ____H () C:\ProgramData\Lenovo-25838.vbs
Files to move or delete:
====================
C:\ProgramData\Lenovo-25838.vbs
Some content of TEMP:
====================
C:\Users\Ute\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzvn6m.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-28 06:51
==================== End Of Log ============================
--- --- ---
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Ute at 2015-02-02 10:34:14
Running from C:\Users\Ute\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0001 - Sybase, Inc.)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Assessments on Client (x32 Version: 8.59.25584 - Microsoft) Hidden
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version: - )
BUHL-Lizenzmanagement-Software (x32 Version: 1.01.0000 - Buhl Data Service GmbH) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cisco WebEx-Produktivitätswerkzeuge (HKLM-x32\...\{EC4A8038-085D-4FB7-BF70-338296E33FE5}) (Version: 11.1.30800 - Cisco WebEx LLC)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
IIS 7.5 Express (HKLM-x32\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snagit 11 (HKLM-x32\...\{A7E2223E-4AE4-45C8-9B6C-1C893EDF11BD}) (Version: 11.4.0 - TechSmith Corporation)
Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) Hidden
TopApps Service (HKLM-x32\...\{B2BB7D05-F646-41C7-9CE4-CE77469C0899}_is1) (Version: 2.5.1 - )
TopKontor Handwerk Version 5 (HKLM-x32\...\{640A92A1-9B8B-4C80-B412-9595460EBC53}_is1) (Version: 5 - )
UltiDev Web Server Pro (x32 Version: 2.0.18 - UltiDev LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User State Migration Tool (x32 Version: 8.59.25584 - Microsoft) Hidden
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - )
WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
17-01-2015 18:59:36 Windows Update
23-01-2015 08:59:16 Windows Update
28-01-2015 07:15:43 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10C464AB-F818-496E-9743-F105C3A2E2C0} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {28CD7355-CB57-4CC9-BDA7-6351E804957A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2EC50909-A5B8-4061-900F-7FBAF516F26A} - System32\Tasks\Lenovo\Lenovo-25838 => C:\ProgramData\Lenovo-25838.vbs [2013-10-18] ()
Task: {3864244B-592B-4F61-8F7E-F61734C03B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4927924C-A5E3-47FF-B9E9-B80557B576DE} - System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197} => pcalua.exe -a "C:\Users\Ute\AppData\Roaming\1H1Q1V1N1N1O1R\PDF Creator Packages\uninstaller.exe" -c /Uninstall /NM="PDF Creator Packages" /AN="1H1Q1V1N1N1O1R" /MBN="PDF Creator Packages"
Task: {51A427BB-2B0C-4F4B-B3BE-A9A2FAD1E4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {57799BD6-455E-4C11-B681-1B5A10F1C796} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {76F82560-6DA7-4132-8EEA-034B4CEF1C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7A0A46B6-48C9-4E98-B0E1-58A92FC05B98} - System32\Tasks\{C0A3453F-F59B-41F6-AF5C-A7BF3415AF66} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {7E83B592-067F-4486-9D07-E9250B9FCC71} - System32\Tasks\{8DC9A3B1-9955-4D2E-8E23-E1AD9817AA96} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {8D39BC23-CB47-408E-BE53-D89D35E46A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {97F77BDD-D8DB-4943-BA5F-5338F7E8A21E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-12-20 13:57 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-12-20 13:57 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-10-18 10:59 - 2011-08-16 19:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-10-18 11:15 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-01-09 14:35 - 2015-01-09 14:35 - 00010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_a0d7vllk.dll
2015-01-09 14:35 - 2015-01-09 14:35 - 00049152 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_r9q6hagu.dll
2014-01-25 02:22 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-01-31 15:13 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Ute\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-02 08:37 - 2015-02-02 08:37 - 00793088 _____ () C:\Users\Ute\AppData\Local\Temp\is-K2DSP.tmp\PhraseExpressSetup.tmp
2015-02-02 08:37 - 2015-02-02 08:37 - 00793088 _____ () C:\Users\Ute\AppData\Local\Temp\is-2B70N.tmp\PhraseExpressSetup.tmp
2015-01-30 14:34 - 2013-11-26 10:52 - 02698240 _____ () C:\ProgramData\blue solution\Handwerk 5\ServiceProcs069DBDC7.aep
2013-12-16 19:57 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 21:20 - 2015-01-14 23:34 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-04 21:20 - 2015-01-14 23:34 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-04 21:20 - 2015-01-14 23:34 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-31 14:37 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 14:37 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 14:37 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-02 08:37 - 2015-02-02 08:37 - 00013312 _____ () C:\Users\Ute\AppData\Local\Temp\is-U8BFN.tmp\_isetup\_isdecmp.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-02 09:09 - 2015-02-02 09:09 - 00043008 _____ () c:\users\ute\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzvn6m.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\Ute\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ute\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Gutschein für druckerzubehoer.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Jochen Schweizer Beleg.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\[Ticket#10297215] Ihre Buchung bei Jochen Schweizer Erlebnisse.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "ISDNWatch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "VR-NetWorld Auftragsprüfung.lnk"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "PTOneClick"
========================= Accounts: ==========================
admin (S-1-5-21-4278806244-3946690954-89611405-1005 - Administrator - Enabled) => C:\Users\admin
admin2 (S-1-5-21-4278806244-3946690954-89611405-1006 - Limited - Enabled) => C:\Users\admin2
Administrator (S-1-5-21-4278806244-3946690954-89611405-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4278806244-3946690954-89611405-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4278806244-3946690954-89611405-1004 - Limited - Enabled)
Ute (S-1-5-21-4278806244-3946690954-89611405-1001 - Administrator - Enabled) => C:\Users\Ute
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2015 10:08:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1234
Startzeit: 01d03eb8d0528f9b
Endzeit: 0
Anwendungspfad: C:\WINDOWS\Explorer.EXE
Berichts-ID: dc484586-aaba-11e4-bf23-7427eae5d5e4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/02/2015 09:09:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (02/01/2015 07:21:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PhotoStory3.exe, Version 3.0.1115.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c94
Startzeit: 01d03e4b130d61c2
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\Photo Story 3 for Windows\PhotoStory3.exe
Berichts-ID: 008922a7-aa3f-11e4-bf23-7427eae5d5e4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/01/2015 06:24:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (02/01/2015 06:24:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (02/01/2015 06:24:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (02/01/2015 06:24:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (02/01/2015 06:24:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (02/01/2015 07:54:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x64928b76
ID des fehlerhaften Prozesses: 0x2c8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5
Error: (01/31/2015 08:50:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1a84
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5
System errors:
=============
Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/01/2015 11:59:59 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/01/2015 10:07:42 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/01/2015 10:07:12 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/01/2015 11:55:59 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/01/2015 11:55:29 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/01/2015 09:24:00 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/01/2015 09:23:30 AM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-02-02 08:56:07.806
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-02 08:56:07.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-02 08:56:07.588
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-02 08:56:04.149
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-02 08:56:04.040
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-02 08:56:03.024
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 22:22:12.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 22:22:12.131
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 22:22:11.959
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-01 22:22:11.771
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 4010.35 MB
Available physical RAM: 1332.11 MB
Total Pagefile: 5444.11 MB
Available Pagefile: 1709.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:439.16 GB) (Free:366.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A5C61E19)
Partition: GPT Partition Type.
==================== End Of Log ============================