Zugereister | 02.02.2015 16:20 | positive finds ads problem on Windows 7
Hello,
unfortunately it has now got me too. For 2 days I have had the positive finds ads problem.
I hope I have collected all the necessary information and that someone can help me!
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:44 on 02/02/2015 (Björn)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-02 16:01:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\BJRN~1\AppData\Local\Temp\pxldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes JMP 754bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes JMP 754bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes JMP 75538ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes CALL 754948ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes JMP 755387a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes JMP 75538978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes JMP 75538698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes JMP 75538a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes JMP 754afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes JMP 754b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes JMP 75538f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes JMP 75538ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes JMP 7553865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes JMP 754afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes JMP 754bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes JMP 75538e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes JMP 755385f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes JMP 754bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes JMP 754bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes JMP 75538ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes CALL 754948ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes JMP 755387a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes JMP 75538978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes JMP 75538698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes JMP 75538a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes JMP 754afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes JMP 754b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes JMP 75538f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes JMP 75538ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes JMP 7553865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes JMP 754afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes JMP 754bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes JMP 75538e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes JMP 755385f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes JMP 754bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes JMP 754bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes JMP 75538ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes CALL 754948ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes JMP 755387a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes JMP 75538978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes JMP 75538698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes JMP 75538a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes JMP 754afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes JMP 754b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes JMP 75538f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes JMP 75538ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes JMP 7553865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes JMP 754afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes JMP 754bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes JMP 75538e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes JMP 755385f1 C:\Windows\syswow64\kernel32.dll
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC8D61D5-099B-CB93-D9E3-F06A6976AC03}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC8D61D5-099B-CB93-D9E3-F06A6976AC03}@iagjjldllacaopjjfd 0x6B 0x61 0x6E 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC8D61D5-099B-CB93-D9E3-F06A6976AC03}@hamlphneidmnhoji 0x6B 0x61 0x6E 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC8D61D5-099B-CB93-D9E3-F06A6976AC03}@gabmdjdkefiimp 0x61 0x63 0x65 0x67 ...
---- EOF - GMER 2.1 ----
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Björn (administrator) on PC on 02-02-2015 15:49:30
Running from E:\Anhänge + downloads
Loaded Profiles: Björn (Available profiles: Björn & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1140688 2015-01-16] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\MountPoints2: {3fee05ac-e1ce-11df-82d4-20cf30ab582a} - E:\pushinst.exe
HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\MountPoints2: {637a62e2-e1dc-11df-b133-20cf30ab582a} - E:\pushinst.exe
HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\MountPoints2: {766e497f-f6cb-11e3-b3ed-20cf30ab582a} - G:\pushinst.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ncr
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
URLSearchHook: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 -> {7ECD17DA-C928-4c6b-A800-B5837E885DA3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 -> {8977FAA2-384E-472a-B692-D842303F699B} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 -> {AC0BE2A1-A03E-4515-8B8B-842A6B6A4672} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/JavaPlugin -> E:\Java\bin\new_plugin\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2359863272-3818781890-2117585832-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppnplugin.dll (DeLorme)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013-10-11]
Chrome:
=======
CHR HomePage: Default -> https://mail.google.com/mail/u/0/#inbox
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/#inbox"
CHR Profile: C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-05-17]
CHR Extension: (CacheList) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa [2012-07-15]
CHR Extension: (Embed WMPlayer inline) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bamkbfdmckphehgiafpenehgebjgdlli [2013-03-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-14]
CHR Extension: (SocialReviver) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald [2012-10-03]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-28]
CHR Extension: (Ad-blocker for Gmail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2015-01-27]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-28]
CHR Extension: (Ultimate Google Docs Viewer) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgbhipncfdgcekflcoelhmnkcfdfjcl [2012-01-28]
CHR Extension: (Gmail offline) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2012-02-23]
CHR Extension: (Facebook Disconnect) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2012-01-28]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2012-01-28]
CHR Extension: (AdBlock) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-01-28]
CHR Extension: (SearchPreview) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2012-01-28]
CHR Extension: (Creatures & Castles (Kreaturen & Burgen)) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd [2012-04-01]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-03-06]
CHR Extension: (Gravity Duck) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma [2012-07-08]
CHR Extension: (Google Mail-Checker) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-12]
CHR Extension: (SndLatr Beta for Gmail™) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfddgbpdnaeliohhkbdbcmenpnkepkgn [2015-01-18]
CHR Extension: (Google Wallet) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Google Docs Viewer fr PDF/PowerPoint (von Google)) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2012-01-28]
CHR Extension: (Robot Theme, inspired by Android™) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj [2012-01-28]
CHR Extension: (Auto Login) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeoibdmcpaofjgcdncagknlmlmngkgfm [2012-01-28]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [865744 2015-01-16] (AVG Technologies CZ, s.r.o.)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-01] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-01-14] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-11-24] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-11-24] (AVG Technologies)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [32768 2011-06-23] (Juniper Networks) [File not signed]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20150201.004\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20150201.004\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-09-09] (TuneUp Software)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
U2 ccEvtMgr; No ImagePath
U2 ccSetMgr; No ImagePath
S3 ListOpenedFileDrv; \??\C:\Users\BJRN~1\AppData\Local\Temp\ListOpenedFileDrv_64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
U3 navapsvc; No ImagePath
U3 SAVRT; No ImagePath
U1 SAVRTPEL; No ImagePath
U3 TlntSvr; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 15:49 - 2015-02-02 15:49 - 00000000 ____D () C:\FRST
2015-02-02 15:44 - 2015-02-02 15:44 - 00000000 _____ () C:\Users\Björn\defogger_reenable
2015-02-02 14:50 - 2015-02-02 15:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 14:50 - 2015-02-02 14:50 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 14:50 - 2015-02-02 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 14:50 - 2015-02-02 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 14:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 14:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 14:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 18:52 - 2015-02-01 18:52 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-01 18:52 - 2015-02-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-01 18:52 - 2015-02-01 18:52 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-01 18:18 - 2015-02-01 18:18 - 00004736 _____ () C:\Windows\system32\.crusader
2015-02-01 17:58 - 2015-02-01 18:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-01 17:42 - 2015-02-01 17:43 - 11225840 _____ (SurfRight B.V.) C:\Users\Björn\Desktop\HitmanPro_x64.exe
2015-02-01 17:34 - 2015-02-01 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:31 - 2015-02-01 17:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Björn\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-31 10:24 - 2015-01-31 10:24 - 00001760 _____ () C:\Users\Björn\Desktop\AC_IMP_Schueler.csv
2015-01-31 10:09 - 2015-01-31 10:14 - 00012497 _____ () C:\Users\Björn\Desktop\AC_IMP_Schueler.csv.xlsx
2015-01-31 09:56 - 2015-01-31 10:05 - 00000000 ____D () C:\Users\Björn\Desktop\Katharina
2015-01-31 09:37 - 2015-01-31 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-31 09:37 - 2015-01-31 09:37 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-31 09:37 - 2015-01-31 09:37 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-27 19:57 - 2015-01-27 19:58 - 11914926 _____ () C:\Users\Björn\Desktop\Übung Wir runden.zip
2015-01-27 19:57 - 2015-01-27 19:58 - 11549452 _____ () C:\Users\Björn\Desktop\Wir runden - Einführung.zip
2015-01-27 19:57 - 2015-01-27 19:57 - 08502458 _____ () C:\Users\Björn\Desktop\Runden 4. Klasse.zip
2015-01-27 19:02 - 2015-02-02 14:38 - 00000000 ____D () C:\AdwCleaner
2015-01-27 19:02 - 2015-01-27 19:02 - 02194432 _____ () C:\Users\Björn\Desktop\adwcleaner_4.109.exe
2015-01-26 21:03 - 2015-02-01 17:52 - 00000000 ____D () C:\Program Files (x86)\1d96d1f8-0bb9-4241-a7b8-48acf7b2d860
2015-01-24 18:53 - 2015-01-24 18:53 - 00000000 ____D () C:\NVIDIA
2015-01-24 17:18 - 2015-01-24 17:23 - 00000000 ____D () C:\Users\Björn\Desktop\F Jugend
2015-01-24 17:10 - 2015-01-24 17:20 - 00000000 ____D () C:\Users\Björn\Desktop\Sylvia
2015-01-23 18:30 - 2015-01-23 18:31 - 00000000 ____D () C:\Users\Björn\Desktop\classics
2015-01-21 18:50 - 2015-01-21 18:50 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Neuratron
2015-01-16 15:54 - 2015-01-16 15:54 - 00000604 ____H () C:\Program Files (x86)\_F2a
2015-01-16 15:53 - 2015-01-16 15:53 - 00000000 ____D () C:\Users\Björn\AppData\Local\Downloaded Installations
2015-01-16 15:49 - 2015-01-29 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2015-01-16 15:49 - 2015-01-29 17:20 - 00000000 ____D () C:\Users\Björn\Documents\Partituren
2015-01-16 15:48 - 2015-01-29 17:22 - 00000000 ____D () C:\Program Files (x86)\Avid
2015-01-16 15:48 - 2015-01-29 17:21 - 00000000 ____D () C:\Program Files\Avid
2015-01-16 15:48 - 2015-01-16 19:25 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Avid
2015-01-16 15:48 - 2015-01-16 15:54 - 00000000 ____D () C:\ProgramData\Avid
2015-01-15 18:28 - 2015-01-15 18:39 - 00000000 ____D () C:\Users\Björn\AppData\Local\Microsoft Games
2015-01-15 18:26 - 2015-01-15 18:26 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-15 17:47 - 2015-01-15 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy
2015-01-15 17:46 - 2015-01-15 17:47 - 10250969 _____ () C:\Users\Björn\Downloads\metronome.zip
2015-01-15 15:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 15:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 15:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 15:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 15:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 15:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 15:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 15:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 15:17 - 2015-01-15 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 16:30 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:30 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:30 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:30 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:30 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 15:08 - 2015-01-12 15:08 - 00000000 __SHD () C:\Users\Björn\AppData\Local\EmieBrowserModeList
2015-01-12 15:03 - 2015-01-12 15:07 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Opera Software
2015-01-12 15:03 - 2015-01-12 15:07 - 00000000 ____D () C:\Users\Björn\AppData\Local\Opera Software
2015-01-12 15:01 - 2015-01-12 15:08 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-12 15:01 - 2015-01-12 15:01 - 00683144 _____ (Opera Software) C:\Users\Björn\AppData\Local\5BFEE0EB_stp.EXE
2015-01-12 15:01 - 2015-01-12 15:01 - 00178814 _____ () C:\Users\Björn\AppData\Local\67A2DA49_stp.CIS
2015-01-12 15:01 - 2015-01-12 15:01 - 00000266 _____ () C:\Users\Björn\AppData\Local\67A2DA49_stp.CIS.part
2015-01-12 15:01 - 2015-01-12 15:01 - 00000203 _____ () C:\Users\Björn\AppData\Local\5BFEE0EB_stp.EXE.part
2015-01-12 15:01 - 2015-01-12 15:01 - 00000000 ____D () C:\Users\Björn\AppData\Local\67A2DA49_stp
2015-01-12 14:48 - 2015-01-12 14:48 - 00003532 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - fed0c6122c61419cba115501b9a6789e556e4d9ebc5e45e89ac7696a743755fe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 15:45 - 2010-10-27 13:52 - 01867201 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 15:44 - 2010-10-27 13:59 - 00000000 ____D () C:\Users\Björn
2015-02-02 15:42 - 2009-07-14 05:45 - 00027088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 15:42 - 2009-07-14 05:45 - 00027088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 15:34 - 2014-11-10 13:55 - 00031094 _____ () C:\Windows\setupact.log
2015-02-02 15:33 - 2014-11-10 13:54 - 00097042 _____ () C:\Windows\PFRO.log
2015-02-02 15:33 - 2011-01-31 19:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 15:33 - 2010-10-27 14:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-02 15:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 15:19 - 2011-01-31 19:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 15:06 - 2010-10-27 18:50 - 00000000 ____D () C:\Users\Björn\AppData\Local\CrashDumps
2015-02-02 14:56 - 2012-06-23 07:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 14:44 - 2012-10-16 15:34 - 00000000 ___RD () C:\Users\Björn\Dropbox
2015-02-02 14:43 - 2011-06-10 16:44 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Dropbox
2015-02-01 17:52 - 2014-07-30 08:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-01 17:52 - 2012-07-01 10:56 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-01 14:19 - 2009-07-14 18:58 - 00769364 _____ () C:\Windows\system32\perfh007.dat
2015-02-01 14:19 - 2009-07-14 18:58 - 00173682 _____ () C:\Windows\system32\perfc007.dat
2015-02-01 14:19 - 2009-07-14 06:13 - 01795000 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-01 10:14 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 10:04 - 2011-04-27 18:34 - 02778624 ___SH () C:\Users\Björn\Desktop\Thumbs.db
2015-01-31 09:38 - 2013-07-13 10:53 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\DVDVideoSoft
2015-01-31 09:23 - 2014-04-03 14:48 - 00128256 _____ () C:\Users\Björn\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 17:31 - 2013-03-11 15:01 - 00541984 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 19:05 - 2010-10-27 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 15:56 - 2012-06-23 07:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:56 - 2012-06-23 07:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:56 - 2011-05-28 07:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 15:02 - 2010-10-28 19:06 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\vlc
2015-01-16 20:29 - 2010-10-27 16:19 - 00000000 ____D () C:\Users\Björn\AppData\Local\Google
2015-01-15 18:26 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 18:32 - 2013-09-10 07:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 18:05 - 2010-10-30 15:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 17:36 - 2014-11-17 18:56 - 00000000 ____D () C:\ProgramData\Avg
2015-01-12 15:07 - 2011-05-04 18:22 - 00001425 _____ () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 15:01 - 2014-11-19 20:44 - 00000000 ____D () C:\Program Files\FreeFileSync
2015-01-08 16:51 - 2014-11-30 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worksheet Crafter
2015-01-06 04:36 - 2010-10-27 19:53 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 09:02 - 2014-12-06 16:22 - 00000000 ____D () C:\Users\Björn\Desktop\neue Musik
2015-01-05 08:52 - 2014-10-04 10:47 - 00000000 ____D () C:\Users\Björn\Desktop\Musik
==================== Files in the root of some directories =======
2012-08-13 10:11 - 2012-08-13 10:11 - 141421187 _____ () C:\Program Files (x86)\openofficeorg1.cab
2012-08-13 10:09 - 2012-08-13 10:09 - 3166208 _____ () C:\Program Files (x86)\openofficeorg341.msi
2012-08-13 10:09 - 2012-08-13 10:09 - 0473600 _____ () C:\Program Files (x86)\setup.exe
2012-08-13 10:09 - 2012-08-13 10:09 - 0000294 _____ () C:\Program Files (x86)\setup.ini
2015-01-16 15:54 - 2015-01-16 15:54 - 0000604 ____H () C:\Program Files (x86)\_F2a
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\7008831
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\778ec53
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\9e4eab99
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\9ec9fdb8
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\9f40be4b
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\9fb93a41
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\a0379136
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\a0a4c767
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\a708534a
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\a7826c7b
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\aa1f965d
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\aaa8a044
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\ad7c8792
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\adfad19c
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\ae694fb3
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\b2940b5e
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\b327708e
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\e15a43be
2011-07-03 08:01 - 2011-07-03 08:01 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\e2c57082
2011-07-03 08:04 - 2011-07-03 08:04 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\f2956e57
2011-07-03 08:04 - 2011-07-03 08:04 - 0004638 _____ () C:\Users\Björn\AppData\Roaming\f3f581f9
2014-12-10 19:36 - 2014-12-10 19:36 - 1290240 _____ () C:\Users\Björn\AppData\Local\34482A67_stp.CIS
2014-12-10 19:36 - 2014-12-10 19:36 - 0000300 _____ () C:\Users\Björn\AppData\Local\34482A67_stp.CIS.part
2015-01-12 15:01 - 2015-01-12 15:01 - 0683144 _____ (Opera Software) C:\Users\Björn\AppData\Local\5BFEE0EB_stp.EXE
2015-01-12 15:01 - 2015-01-12 15:01 - 0000203 _____ () C:\Users\Björn\AppData\Local\5BFEE0EB_stp.EXE.part
2015-01-12 15:01 - 2015-01-12 15:01 - 0178814 _____ () C:\Users\Björn\AppData\Local\67A2DA49_stp.CIS
2015-01-12 15:01 - 2015-01-12 15:01 - 0000266 _____ () C:\Users\Björn\AppData\Local\67A2DA49_stp.CIS.part
2014-12-10 19:36 - 2014-12-10 19:36 - 0382062 _____ () C:\Users\Björn\AppData\Local\6AC3B58C_stp.CIS
2014-12-10 19:36 - 2014-12-10 19:36 - 0000220 _____ () C:\Users\Björn\AppData\Local\6AC3B58C_stp.CIS.part
2010-11-26 09:00 - 2014-02-02 14:19 - 0012288 _____ () C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-24 17:49 - 2013-07-24 17:49 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Björn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvrsg4a.dll
C:\Users\Björn\AppData\Local\Temp\HitmanPro.exe
C:\Users\Björn\AppData\Local\Temp\Quarantine.exe
C:\Users\Björn\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-01 13:51
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Björn at 2015-02-02 15:50:48
Running from E:\Anhänge + downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Airport Madness World Edition (HKLM-x32\...\com.bigfatsimulations.airportmadnessworldedition) (Version: 1.11 - UNKNOWN)
Airport Madness World Edition (x32 Version: 1.11 - UNKNOWN) Hidden
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AMTM (HKLM-x32\...\AMTM) (Version: 1.11 - UNKNOWN)
AMTM (x32 Version: 1.11 - UNKNOWN) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
AVG (HKLM\...\AvgZen) (Version: 1.0.445 - AVG Technologies)
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.238 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.445 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Bayerische Druckschriften (3.0) (HKLM-x32\...\Bayerische Druckschriften_is1) (Version: 3.0 - Medienwerkstatt Mühlacker)
Browser Configuration Utility (HKLM-x32\...\{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}) (Version: 1.0.12.1 - DeviceVM, Inc.) <==== ATTENTION
Creative Centrale (x32 Version: 1.18.03 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
CrissCross 8.40 (HKLM-x32\...\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}) (Version: 8.4.0.0 - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DeLorme Send To GPS 1.2 (HKLM-x32\...\{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1) (Version: - DeLorme Publishing)
Dropbox (HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FMW 1 (Version: 1.0.308 - AVG Technologies) Hidden
Free AVI Video Converter version 5.0.26.628 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.26.628 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free MP3 Cutter and Editor 2.6 (HKLM-x32\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
FreeFileSync 6.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
Garmin Communicator Plugin (HKLM-x32\...\{E883466C-77EC-44AC-8EC8-417A4A16AB3F}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 18167) (Version: 18167 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java(TM) SE Development Kit 6 Update 22 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160220}) (Version: 1.6.0.220 - Oracle)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2359863272-3818781890-2117585832-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI Afterburner 2.2.1 (HKLM-x32\...\Afterburner) (Version: 2.2.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 8.0 - PlotSoft LLC)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Q2 Internet Radio (HKLM-x32\...\Q2 Internet Radio) (Version: - Armour)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
SchoolCraft Premium Content (HKLM-x32\...\{474EE743-9983-4765-9073-0143C3FEB0C4}_is1) (Version: 2014.1.5.1 - SchoolCraft GmbH)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.1.1306.26) (Version: 2.1.1306.26 - Solveig Multimedia)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
Vereinfachte Ausgangsschrift (3.1) (HKLM-x32\...\Vereinfachte Ausgangsschrift_is1) (Version: 3.1.0 - Medienwerkstatt Mühlacker)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Worksheet Crafter (HKLM-x32\...\{BA0ADF97-5ED4-415F-AA1B-1716582FF267}_is1) (Version: 2014.3.3.148 - SchoolCraft GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Björn\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Björn\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Björn\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Björn\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Björn\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359863272-3818781890-2117585832-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
23-01-2015 14:25:26 Windows Update
27-01-2015 15:30:41 Windows Update
27-01-2015 18:50:44 Removed Sibelius 7 OpenType Fonts
29-01-2015 17:21:22 Removed Sibelius 7 OpenType Fonts
29-01-2015 17:22:00 Removed Avid License Control.
30-01-2015 16:00:00 Windows Update
31-01-2015 09:39:02 Uniblue PC Mechanic installation
01-02-2015 18:17:36 Prüfpunkt von HitmanPro
01-02-2015 18:18:41 Prüfpunkt von HitmanPro
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-05-13 06:24 - 2012-05-13 11:39 - 00000000 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0754A77C-DF2C-47D5-B5B7-4B5E68F89C81} - System32\Tasks\{DB42BD30-D310-49CC-A850-7523013DAE3C} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {0774CE97-0418-4D4C-8D7B-D015A65AF54E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {0B1CCCC0-AC7E-41CC-BF0A-5160095C98AF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {11A3A8E9-1AF8-416A-AFCE-0B96A64B366E} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {161E41A2-E5AF-4C6A-983B-8DC76FADC9DC} - System32\Tasks\Creative Software Automatic Updater => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [2008-08-13] (Creative Technology Ltd)
Task: {18BC4E0D-6340-4F00-AD34-2417DD2AAA25} - System32\Tasks\{28AA613B-C1AA-4152-8DF8-A3B5BE714677} => pcalua.exe -a "E:\Anhänge + downloads\burrrn_package.exe" -d "E:\Anhänge + downloads"
Task: {260FF363-0934-4DE6-9D49-CF9D6E82BDBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {28D95592-5D72-4415-9BCA-EBE2FAA07978} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {2A182692-3123-416F-8619-5CFE6EBF2988} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32D5283F-26EE-4140-B46C-6EB4ACD70F36} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {38DCC234-F972-442B-B6D9-86EBDE011E02} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {39274E1B-261A-489E-BB94-6DA38705DB4D} - System32\Tasks\HP AR Program Upload - fcd7a57692ea4132a592b1b83d93f630f6ebc0cc2e144826b2ec9eb95c91a9d7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {42C62397-39F6-41B7-9A5C-730482AC353E} - System32\Tasks\{01FAE01A-802E-4189-8946-0DB29324BD22} => pcalua.exe -a C:\Users\Björn\Desktop\EclipseCrossword_1.2.57.exe -d C:\Users\Björn\Desktop
Task: {4BA5020B-1C43-4E0F-AA85-BD72012C7E27} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {5995502F-1BFF-4505-9F5C-4E727789773E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7DA8C7E0-15CF-48E3-895B-F1ED97ED66FD} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {84283BE2-E8AA-41A4-AFF5-FDEE81FE1F19} - System32\Tasks\{8C864B61-6C34-4C67-8F37-17CCC2697F65} => pcalua.exe -a F:\Driver\Setup_Afterburner.exe -d F:\Driver
Task: {88271FAB-E157-4FD9-95F0-FA589DA8EE2E} - System32\Tasks\HP AR Program Upload - e306f2aaba704f61b32e347ee883a42a9b3cfba736f649cd9c9a0c92e8514f4a => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {93CBCEDC-F3A0-4F94-A606-978B891A608B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {93D64D0A-538D-4225-B955-CCA214FD51F8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {9BD38256-BBE7-41BA-92A3-5D6DE691246D} - System32\Tasks\HP AR Program Upload - fed0c6122c61419cba115501b9a6789e556e4d9ebc5e45e89ac7696a743755fe => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A5122023-A629-4936-88C4-E9F0665C8489} - System32\Tasks\{1D742893-0BC0-4C58-9935-D546F975E99B} => pcalua.exe -a C:\Users\Björn\Desktop\word-to-html-1.6.2.exe -d C:\Users\Björn\Desktop
Task: {ADA7FAF0-64C5-448B-A906-F1DB7917344B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-11-24] (AVG Technologies)
Task: {BEF50224-6B7A-4406-8B75-94B0A15D6814} - System32\Tasks\{EFAD8EA8-C310-46F0-8A6C-785BE8A7FD2C} => pcalua.exe -a "E:\Anhänge + downloads\irfanview_plugins_437_setup.exe" -d "E:\Anhänge + downloads"
Task: {C91E3989-2700-403F-A9C9-85052F1F4F0F} - System32\Tasks\{D35DEE37-9450-46D0-B881-8E6478360CD6} => pcalua.exe -a "E:\Anhänge + downloads\wdbackup.exe" -d "E:\Anhänge + downloads"
Task: {D2122C13-6ED2-401C-A131-B74404DEB935} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {DF5500CA-13FB-4AF1-9AF1-1B7BD69C0121} - System32\Tasks\Google Updater and Installer => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E06A8B47-6057-4CD0-ADCB-50FB65FDB0B8} - System32\Tasks\{C31C9300-E645-4AB4-8D60-1200F8F596EA} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "E:\Björn\ST6UNST.LOG"
Task: {E3382A5C-06B4-4E1F-AD46-65567B5AA74D} - System32\Tasks\HP AR Program Upload - 3e0846c5c5c44ed99b1a4502ee25b292591d55bd58014df3b5b0cabf08b3409b => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {EC0476F3-6218-46A5-8092-D0A2BB546F06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {ED1E8EC6-81A6-454C-8D5E-361D08053092} - System32\Tasks\HP AR Program Upload - d61d694694db46f18428d01f5b55c7f0024b8e3da5c6473d917279388d564d77 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-02-09 06:57 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-05 08:34 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2011-10-28 07:48 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-07-04 18:20 - 2008-06-04 07:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2014-06-17 16:56 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-11-24 12:48 - 2014-11-24 12:48 - 00713528 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-11-24 12:49 - 2014-11-24 12:49 - 00856888 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2010-10-27 14:13 - 2009-03-19 21:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2010-10-27 14:13 - 2009-03-19 21:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2010-10-27 14:13 - 2009-01-15 13:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2010-10-27 14:13 - 2009-03-25 15:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-11-17 18:58 - 2014-11-17 18:58 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
2015-01-27 16:19 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 16:19 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 16:19 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 16:19 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: CTDevice_Srv => 2
MSCONFIG\Services: CTUPnPSv => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Björn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Björn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Björn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: Google Update => "C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: NortonUtilities => C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Scotts Gmail Alert => C:\Program Files (x86)\Scott's Gmail Alert\scottsgmailalert.exe
MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-2359863272-3818781890-2117585832-500 - Administrator - Disabled)
Björn (S-1-5-21-2359863272-3818781890-2117585832-1000 - Administrator - Enabled) => C:\Users\Björn
Gast (S-1-5-21-2359863272-3818781890-2117585832-501 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2015 03:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.8.4.0, Zeitstempel: 0x51352df8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00042016
ID des fehlerhaften Prozesses: 0xac
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (02/01/2015 06:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000184,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001FBED40.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001c8,(null),0,REG_BINARY,0000000000EDE120.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {1461c504-5380-43c6-b790-f03da419a525}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000081c,(null),0,REG_BINARY,000000000331E0D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Generatorname: WMI Writer
Generatorinstanz-ID: {7a909f3b-a6c3-480c-9d56-084d42f114e9}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001c8,(null),0,REG_BINARY,0000000000EDE120.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {1461c504-5380-43c6-b790-f03da419a525}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000081c,(null),0,REG_BINARY,000000000331E0D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Generatorname: WMI Writer
Generatorinstanz-ID: {7a909f3b-a6c3-480c-9d56-084d42f114e9}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000189F490.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {31dd2045-2843-4c2c-881a-5e866350f247}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001b0,(null),0,REG_BINARY,0000000001B1EC00.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Generatorname: Registry Writer
Generatorinstanz-ID: {53aaf796-41ef-40ce-81eb-648a50b19ba8}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000189F490.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {31dd2045-2843-4c2c-881a-5e866350f247}
System errors:
=============
Error: (02/02/2015 03:34:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UimBus
Uim_DEVIM
Uim_IM
Error: (02/02/2015 02:48:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (02/02/2015 02:42:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UimBus
Uim_DEVIM
Uim_IM
Error: (02/02/2015 02:27:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (02/02/2015 02:21:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UimBus
Uim_DEVIM
Uim_IM
Error: (02/02/2015 02:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053
Error: (02/02/2015 02:20:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Tcp-Portfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/02/2015 02:20:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Net.Tcp-Portfreigabedienst erreicht.
Error: (02/01/2015 06:28:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (02/01/2015 06:24:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (02/02/2015 03:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecQtCore4.dll4.8.4.051352df8c000000500042016ac01d03eef3c0ffcf8C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\QtCore4.dlla6e58aa0-aae4-11e4-bbcf-20cf30ab582a
Error: (02/01/2015 06:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b84401d03e43d267d740C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll209a4d80-aa37-11e4-b2e2-fe77305355cc
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000184,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001FBED40.72)0x80070005, Zugriff verweigert
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c8,(null),0,REG_BINARY,0000000000EDE120.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {1461c504-5380-43c6-b790-f03da419a525}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000081c,(null),0,REG_BINARY,000000000331E0D0.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Generatorname: WMI Writer
Generatorinstanz-ID: {7a909f3b-a6c3-480c-9d56-084d42f114e9}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c8,(null),0,REG_BINARY,0000000000EDE120.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {1461c504-5380-43c6-b790-f03da419a525}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000081c,(null),0,REG_BINARY,000000000331E0D0.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Generatorname: WMI Writer
Generatorinstanz-ID: {7a909f3b-a6c3-480c-9d56-084d42f114e9}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000189F490.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {31dd2045-2843-4c2c-881a-5e866350f247}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b0,(null),0,REG_BINARY,0000000001B1EC00.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Generatorname: Registry Writer
Generatorinstanz-ID: {53aaf796-41ef-40ce-81eb-648a50b19ba8}
Error: (02/01/2015 06:18:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000189F490.72)0x80070005, Zugriff verweigert
Vorgang:
BackupShutdown-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {31dd2045-2843-4c2c-881a-5e866350f247}
CodeIntegrity Errors:
===================================
Date: 2015-01-16 15:52:11.389
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\BJRN~1\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-16 15:52:11.285
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\BJRN~1\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 245 Processor
Percentage of memory in use: 42%
Total physical RAM: 8191.23 MB
Available physical RAM: 4749.53 MB
Total Pagefile: 16380.64 MB
Available Pagefile: 12397.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive b: (Schule) (Fixed) (Total:97.66 GB) (Free:76.02 GB) NTFS
Drive c: () (Fixed) (Total:280.12 GB) (Free:186.22 GB) NTFS
Drive d: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:879.21 GB) NTFS
Drive e: (Björn) (Fixed) (Total:58.59 GB) (Free:33.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96DC40A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=97.7 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: BFC4BC7D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================