==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ESTOS GmbH) C:\Windows\System32\EACuSrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\NTRTScan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\TmListen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Xerox Corporation) C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
() C:\Windows\System32\xdnorbgnd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\andreas.chudalla\AppData\Local\winengine\rkr0.exe
(PC Utilities Software Limited) C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD LT 2013\acadlt.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD LT 2013\AdExchange\AcBrowserHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [XeroxScanUtility] => C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe [2390784 2010-09-16] (Xerox Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => C:\windows\system32\xdnorbgnd.exe [146176 2010-09-16] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe [1989040 2014-02-17] (Trend Micro Inc.)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [winengine] => C:\Users\andreas.chudalla\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [winengine2] => C:\Users\andreas.chudalla\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
Startup: C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
ShortcutTarget: OptimizerProInstaller.lnk -> C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: browsersupport helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\browsersupport\browsersupport.dll (appllc)
BHO-x32: No Name -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: browsersupport helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\browsersupport\browsersupport.dll (appllc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.81.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\andreas.chudalla\AppData\Roaming\Mozilla\Firefox\Profiles\s2nhj9ft.default-1423134047471
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (YouTube) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Google-Suche) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (Google Tabellen) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Google Wallet) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (Google Mail) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 EACUSrv; C:\Windows\system32\EACuSrv.exe [6876008 2014-01-15] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe [3747816 2014-02-17] (Trend Micro Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe [661912 2014-02-17] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe [4041088 2014-02-17] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe [929328 2014-01-22] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 3wareDrv; C:\Windows\system32\drivers\3wareDrv.sys [125224 2011-08-11] (LSI)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-01-17] (LSI Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-06-03] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [63264 2009-05-07] (O2Micro )
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [286232 2013-10-31] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2013-09-26] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 14:13 - 2015-02-05 14:13 - 00000000 ____D () C:\FRST
2015-02-05 14:03 - 2015-02-05 14:03 - 00001124 _____ () C:\Users\andreas.chudalla\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 13:53 - 2015-02-05 13:53 - 00009271 _____ () C:\Users\andreas.chudalla\Desktop\hijackthis.log
2015-02-05 13:05 - 2015-02-05 13:05 - 00000085 _____ () C:\windows\wininit.ini
2015-02-05 12:55 - 2015-02-05 13:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 12:55 - 2015-02-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 12:55 - 2015-02-05 12:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-02-05 12:54 - 2015-02-05 12:54 - 05027328 _____ () C:\Users\andreas.chudalla\Desktop\stuttgart.dwg
2015-02-05 12:54 - 2015-02-05 12:54 - 01191200 _____ () C:\Users\andreas.chudalla\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-02-05 12:54 - 2015-02-05 12:54 - 00000213 ____H () C:\Users\andreas.chudalla\Desktop\stuttgart.dwl2
2015-02-05 12:54 - 2015-02-05 12:54 - 00000063 ____H () C:\Users\andreas.chudalla\Desktop\stuttgart.dwl
2015-02-05 12:52 - 2015-02-05 13:49 - 00018492 _____ () C:\windows\WindowsUpdate.log
2015-02-05 12:47 - 2015-02-05 12:47 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\AdwCleaner09(2).exe
2015-02-05 10:16 - 2015-02-05 10:16 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\adwcleaner_4.109(1).exe
2015-02-05 10:11 - 2015-02-05 10:11 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\adwcleaner_4.109.exe
2015-02-05 09:56 - 2015-02-05 09:56 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\AdwCleaner09(1).exe
2015-02-05 09:50 - 2015-02-05 09:50 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\AdwCleaner09.exe
2015-02-05 09:47 - 2015-02-05 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 08:16 - 2015-02-05 08:16 - 00000000 ____D () C:\Program Files (x86)\browsersupport
2015-02-05 08:05 - 2015-02-05 08:05 - 00000000 ____D () C:\shoplog
2015-02-05 08:00 - 2015-02-05 08:15 - 00000822 _____ () C:\windows\DCEBOOT.RST
2015-02-05 08:00 - 2015-02-05 08:00 - 00635102 _____ () C:\windows\system32\errordetails.xml
2015-02-05 07:58 - 2015-02-05 07:58 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\winengine
2015-02-05 07:57 - 2015-02-05 07:57 - 00003344 _____ () C:\windows\System32\Tasks\sondhschedule
2015-02-05 07:55 - 2015-02-05 08:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-05 07:55 - 2015-02-05 08:00 - 00025136 _____ (Trend Micro Inc.) C:\windows\DCEBoot64.exe
2015-02-05 07:55 - 2015-02-05 08:00 - 00000000 ____D () C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}
2015-02-05 07:55 - 2015-02-05 07:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-05 07:55 - 2015-02-05 07:55 - 00240176 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
2015-02-05 07:49 - 2015-02-05 07:49 - 37968904 _____ (ICQ) C:\Users\andreas.chudalla\Downloads\icq_83rfrset.exe
2015-01-28 16:07 - 2015-01-28 17:23 - 00562028 ____N () C:\Users\andreas.chudalla\Bauleiterschulung Fa. Kollmer 29.1.15.pptx
2015-01-22 14:51 - 2015-01-22 14:51 - 00000000 __SHD () C:\Users\andreas.chudalla\AppData\Local\EmieUserList
2015-01-22 14:51 - 2015-01-22 14:51 - 00000000 __SHD () C:\Users\andreas.chudalla\AppData\Local\EmieSiteList
2015-01-22 14:48 - 2015-01-22 14:48 - 00880784 _____ (Google Inc.) C:\Users\andreas.chudalla\Downloads\ChromeSetup.exe
2015-01-21 08:15 - 2015-01-21 08:15 - 00000211 ____H () C:\Users\andreas.chudalla\Documents\Zeichnung1.dwl2
2015-01-21 08:15 - 2015-01-21 08:15 - 00000061 ____H () C:\Users\andreas.chudalla\Documents\Zeichnung1.dwl
2015-01-20 15:10 - 2015-02-03 07:36 - 00000000 ____D () C:\Users\andreas.chudalla\Desktop\Stunden
2015-01-09 09:01 - 2015-01-09 09:01 - 00000000 __SHD () C:\Users\Lena.Fraunholz\AppData\Local\EmieUserList
2015-01-09 09:01 - 2015-01-09 09:01 - 00000000 __SHD () C:\Users\Lena.Fraunholz\AppData\Local\EmieSiteList
2015-01-09 09:01 - 2015-01-09 09:01 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Macromedia
2015-01-08 07:57 - 2015-01-08 07:57 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-08 07:56 - 2015-01-16 12:10 - 00001982 ____H () C:\Users\Lena.Fraunholz\Documents\Default.rdp
2015-01-08 07:56 - 2015-01-08 07:56 - 00001425 _____ () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 07:56 - 2015-01-08 07:56 - 00000842 __RSH () C:\Users\Lena.Fraunholz\ntuser.pol
2015-01-08 07:56 - 2015-01-08 07:56 - 00000020 ___SH () C:\Users\Lena.Fraunholz\ntuser.ini
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Vorlagen
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Startmenü
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Netzwerkumgebung
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Lokale Einstellungen
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Eigene Dateien
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Druckumgebung
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Documents\Eigene Musik
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Documents\Eigene Bilder
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\AppData\Local\Verlauf
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\AppData\Local\Anwendungsdaten
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Anwendungsdaten
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ___RD () C:\Users\Lena.Fraunholz\Virtual Machines
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Windows Small Business Server
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 2008
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\ESTOS
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Adobe
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Local\NVIDIA
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Local\Autodesk
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz
2015-01-08 07:56 - 2014-01-15 17:22 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Local\ESTOS
2015-01-08 07:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-08 07:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 14:01 - 2014-08-18 11:10 - 00010786 _____ () C:\windows\cfgall.ini
2015-02-05 13:39 - 2014-05-13 13:13 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 13:32 - 2013-03-25 14:24 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 13:16 - 2013-11-05 07:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 13:16 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-02-05 12:57 - 2012-05-01 10:44 - 00735410 _____ () C:\windows\system32\perfh007.dat
2015-02-05 12:57 - 2012-05-01 10:44 - 00162808 _____ () C:\windows\system32\perfc007.dat
2015-02-05 12:57 - 2009-07-14 06:13 - 01715220 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 12:57 - 2009-07-14 05:45 - 00027344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 12:57 - 2009-07-14 05:45 - 00027344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 12:51 - 2014-08-18 11:10 - 00983160 _____ () C:\windows\SysWOW64\TmInstall.log
2015-02-05 12:51 - 2014-08-18 11:10 - 00543424 _____ () C:\windows\system32\TmInstall.log
2015-02-05 12:51 - 2013-03-25 14:24 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 12:50 - 2014-05-13 13:37 - 00000000 ____D () C:\AdwCleaner
2015-02-05 12:50 - 2012-06-06 08:04 - 00000128 _____ () C:\windows\system32\config\netlogon.ftl
2015-02-05 12:50 - 2012-05-31 09:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-05 12:50 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 12:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\IME
2015-02-05 12:35 - 2014-02-11 09:08 - 00035852 _____ () C:\Users\andreas.chudalla\Documents\plot.log
2015-02-05 12:32 - 2014-05-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 12:32 - 2014-05-13 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 10:17 - 2013-10-01 06:38 - 00002002 ____H () C:\Users\andreas.chudalla\Documents\Default.rdp
2015-02-05 09:22 - 2013-10-01 06:30 - 00001451 _____ () C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-05 08:15 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-02 14:07 - 2013-10-01 06:34 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\cache
2015-01-30 08:19 - 2013-10-01 06:30 - 00000000 ____D () C:\Users\andreas.chudalla
2015-01-30 07:48 - 2014-03-25 07:49 - 00000000 ____D () C:\Users\andreas.chudalla\Desktop\F5
2015-01-26 09:16 - 2013-11-05 07:27 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 09:16 - 2013-03-25 14:23 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 09:16 - 2013-03-25 14:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 08:18 - 2014-03-24 07:36 - 00000000 ____D () C:\Users\andreas.chudalla\Urlaub
2015-01-22 14:51 - 2013-03-25 14:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-22 14:49 - 2013-10-01 06:31 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\Google
2015-01-08 07:56 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
==================== Files in the root of some directories =======
2013-06-28 08:34 - 2013-06-28 08:34 - 0000949 _____ () C:\Program Files (x86)\Programme (x86) - Verknüpfung.lnk
2013-03-27 15:01 - 2013-03-27 15:01 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 00:11
==================== End Of Log ============================
FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by andreas.chudalla at 2015-02-05 14:13:45
Running from C:\Users\andreas.chudalla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TP6WHV59
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Security Agent (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Trend Micro Security Agent Anti-Spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AutoCAD LT 2013 - Deutsch (German) (HKLM\...\AutoCAD LT 2013 - Deutsch (German)) (Version: 19.0.55.0 - Autodesk)
AutoCAD LT 2013 - Deutsch (German) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD LT 2013 Language Pack - Deutsch (German) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
browsersupport (HKU\S-1-5-21-3409918318-3268832435-3554840575-1245 Version: 5 - ${CompanyName}) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
DigiTrakLWD (HKLM-x32\...\{D16E1774-E054-4684-815E-1D7E652327EF}) (Version: 2.012.00.000 - Digital-Control, Inc.)
ESS Energie Indikator (HKLM-x32\...\{6E83470B-5EE2-407D-ABFC-CC87E070ED8C}) (Version: 20.13.0 - Nemetschek Allplan GmbH)
ESTOS ProCall (HKLM-x32\...\{F2D50027-E910-4C2C-AC57-E7D806AAE64E}) (Version: 4.1.10.20036 - ESTOS)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{6BC1F8BE-E812-43FC-B648-90770D1C8F34}) (Version: 6.3a - Silicon Laboratories, Inc.)
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 19.0.1240 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 9.0 - Trend Micro Inc.) Hidden
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.6 - Microsoft Corporation)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
winengine (HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2013\acadlt.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2013\de-DE\acadltficn.dll (Autodesk, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-05-13 13:31 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {309DDB9E-E5B2-49C4-A862-37419536E206} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {386DF147-2C4A-43F7-BFBA-74BEECE839E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {39CCE3F9-BEB4-4791-85E6-1F7E953517E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {3DBC1268-8B24-4A0D-B3C9-B0D747045405} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {462282DE-B532-47A9-9088-E092C9F7DD9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {E144FE06-4742-4F39-904C-BCC78CF23486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {F561A6DF-A3DF-43D0-87F0-D328B86A4C31} - System32\Tasks\sondhschedule => C:\Users\andreas.chudalla\AppData\Roaming\browsersupport\browsersupport-Installer.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2011-08-31 12:55 - 2011-08-31 12:55 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\sqlite3.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00397824 _____ () C:\windows\system32\xiputil.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00465408 _____ () C:\windows\system32\xipinterp.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204800 _____ () C:\windows\system32\xesup.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01737728 _____ () C:\windows\system32\xeext.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00214016 _____ () C:\windows\system32\xipsup.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00287232 _____ () C:\windows\system32\documentio.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00080384 _____ () C:\windows\system32\diotifffx.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00009216 _____ () C:\windows\system32\xiplibxml.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01341952 _____ () C:\windows\system32\xrx_xml2.dll
2013-04-17 14:32 - 2009-08-14 04:03 - 00207360 _____ () C:\windows\system32\xrx_xslt.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00587264 _____ () C:\windows\system32\xipxmlsec.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 04120064 _____ () C:\windows\system32\xeng.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00223232 _____ () C:\windows\system32\lcms.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204288 _____ () C:\windows\system32\xi.dll
2009-07-02 15:32 - 2009-07-02 15:32 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\zlibwapi.dll
2012-05-31 09:03 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-16 09:19 - 2013-01-16 09:19 - 00048128 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 11:25 - 2013-04-02 11:25 - 00675840 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\sqlite3.dll
2013-01-16 09:23 - 2013-01-16 09:23 - 00058368 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll
2013-04-17 14:32 - 2010-09-16 15:34 - 00146176 _____ () C:\Windows\System32\xdnorbgnd.exe
2013-04-17 14:32 - 2009-08-14 04:02 - 00397824 _____ () C:\Windows\System32\xiputil.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00465408 _____ () C:\Windows\System32\xipinterp.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204800 _____ () C:\Windows\System32\xesup.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01737728 _____ () C:\Windows\System32\xeext.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00214016 _____ () C:\Windows\System32\xipsup.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00287232 _____ () C:\Windows\System32\documentio.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00080384 _____ () C:\Windows\System32\diotifffx.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00009216 _____ () C:\Windows\System32\xiplibxml.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 01341952 _____ () C:\Windows\System32\xrx_xml2.dll
2013-04-17 14:32 - 2009-08-14 04:03 - 00207360 _____ () C:\Windows\System32\xrx_xslt.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00587264 _____ () C:\Windows\System32\xipxmlsec.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 04120064 _____ () C:\Windows\System32\xeng.DLL
2013-04-17 14:32 - 2009-08-14 04:02 - 00223232 _____ () C:\Windows\System32\lcms.dll
2013-04-17 14:32 - 2009-08-14 04:02 - 00204288 _____ () C:\Windows\System32\xi.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-12 13:34 - 2014-12-12 13:34 - 00511416 _____ () C:\Users\andreas.chudalla\AppData\Local\winengine\rkr0.exe
2012-02-07 06:10 - 2012-02-07 06:10 - 00755624 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\acapp.crx
2012-02-07 06:10 - 2012-02-07 06:10 - 00184744 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\accloudconnect.crx
2012-02-07 06:10 - 2012-02-07 06:10 - 00181672 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\acismui.crx
2012-02-07 06:10 - 2012-02-07 06:10 - 01382312 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\acvmtools.crx
2012-02-07 06:10 - 2012-02-07 06:10 - 00826280 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\accmmgr.crx
2012-02-07 06:10 - 2012-02-07 06:10 - 00111016 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\acparameter.crx
2012-02-07 06:10 - 2012-02-07 06:10 - 00973736 _____ () C:\Program Files\Autodesk\AutoCAD LT 2013\acdim.crx
2011-04-29 20:23 - 2011-04-29 20:23 - 00125376 _____ () C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\axutil.dll
2011-04-29 20:23 - 2011-04-29 20:23 - 00385984 _____ () C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\axis2_engine.dll
2011-04-29 20:23 - 2011-04-29 20:23 - 00158144 _____ () C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\axiom.dll
2011-04-29 20:23 - 2011-04-29 20:23 - 00034752 _____ () C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\axis2_parser.dll
2011-04-29 20:27 - 2011-04-29 20:27 - 01315264 _____ () C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\libxml2.dll
2011-04-29 20:23 - 2011-04-29 20:23 - 00103360 _____ () C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\neethi.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Control Panel\Desktop\\Wallpaper -> C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
admin (S-1-5-21-3572959257-616895921-2767358109-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3572959257-616895921-2767358109-500 - Administrator - Disabled)
Gast (S-1-5-21-3572959257-616895921-2767358109-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (02/05/2015 00:43:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4412) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00074.log.
System errors:
=============
Error: (02/05/2015 01:43:59 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/05/2015 01:43:59 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/05/2015 01:43:59 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/05/2015 01:35:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/05/2015 01:35:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/05/2015 01:35:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/05/2015 00:44:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (02/05/2015 00:43:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/05/2015 00:43:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (02/05/2015 09:52:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FLEXnet Licensing Service 64" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (02/05/2015 00:43:57 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (02/05/2015 00:43:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows4412Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00074.log-1811
CodeIntegrity Errors:
===================================
Date: 2014-05-13 14:30:37.730
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-13 14:30:37.714
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8154.33 MB
Available physical RAM: 5251.36 MB
Total Pagefile: 16306.84 MB
Available Pagefile: 13381.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.8 GB) (Free:8.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:292.87 GB) NTFS
Drive g: (kollmerdaten) (Network) (Total:557.75 GB) (Free:241.45 GB) NTFS
Drive r: (Daten) (Network) (Total:309.4 GB) (Free:203.6 GB) NTFS
Drive u: (Daten) (Network) (Total:309.4 GB) (Free:203.6 GB) NTFS
Drive y: () (Network) (Total:400.19 GB) (Free:180.18 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: E3B0152C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 495EDE2A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- ---
Code:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ESTOS GmbH) C:\Windows\System32\EACuSrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\NTRTScan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\TmListen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Xerox Corporation) C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
() C:\Windows\System32\xdnorbgnd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\andreas.chudalla\AppData\Local\winengine\rkr0.exe
(PC Utilities Software Limited) C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD LT 2013\acadlt.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD LT 2013\AdExchange\AcBrowserHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [XeroxScanUtility] => C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe [2390784 2010-09-16] (Xerox Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => C:\windows\system32\xdnorbgnd.exe [146176 2010-09-16] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe [1989040 2014-02-17] (Trend Micro Inc.)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [winengine] => C:\Users\andreas.chudalla\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\...\Run: [winengine2] => C:\Users\andreas.chudalla\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
Startup: C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
ShortcutTarget: OptimizerProInstaller.lnk -> C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}\OptimizerProInstaller.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3409918318-3268832435-3554840575-1245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: browsersupport helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\browsersupport\browsersupport.dll (appllc)
BHO-x32: No Name -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: browsersupport helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\browsersupport\browsersupport.dll (appllc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3409918318-3268832435-3554840575-1245 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.81.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\andreas.chudalla\AppData\Roaming\Mozilla\Firefox\Profiles\s2nhj9ft.default-1423134047471
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (YouTube) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Google-Suche) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (Google Tabellen) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Google Wallet) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (Google Mail) - C:\Users\andreas.chudalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 EACUSrv; C:\Windows\system32\EACuSrv.exe [6876008 2014-01-15] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe [3747816 2014-02-17] (Trend Micro Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe [661912 2014-02-17] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe [4041088 2014-02-17] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe [929328 2014-01-22] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 3wareDrv; C:\Windows\system32\drivers\3wareDrv.sys [125224 2011-08-11] (LSI)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-01-17] (LSI Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-06-03] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [63264 2009-05-07] (O2Micro )
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [286232 2013-10-31] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2013-09-26] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 14:13 - 2015-02-05 14:13 - 00000000 ____D () C:\FRST
2015-02-05 14:03 - 2015-02-05 14:03 - 00001124 _____ () C:\Users\andreas.chudalla\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-05 13:53 - 2015-02-05 13:53 - 00009271 _____ () C:\Users\andreas.chudalla\Desktop\hijackthis.log
2015-02-05 13:05 - 2015-02-05 13:05 - 00000085 _____ () C:\windows\wininit.ini
2015-02-05 12:55 - 2015-02-05 13:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 12:55 - 2015-02-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 12:55 - 2015-02-05 12:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-02-05 12:54 - 2015-02-05 12:54 - 05027328 _____ () C:\Users\andreas.chudalla\Desktop\stuttgart.dwg
2015-02-05 12:54 - 2015-02-05 12:54 - 01191200 _____ () C:\Users\andreas.chudalla\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-02-05 12:54 - 2015-02-05 12:54 - 00000213 ____H () C:\Users\andreas.chudalla\Desktop\stuttgart.dwl2
2015-02-05 12:54 - 2015-02-05 12:54 - 00000063 ____H () C:\Users\andreas.chudalla\Desktop\stuttgart.dwl
2015-02-05 12:52 - 2015-02-05 13:49 - 00018492 _____ () C:\windows\WindowsUpdate.log
2015-02-05 12:47 - 2015-02-05 12:47 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\AdwCleaner09(2).exe
2015-02-05 10:16 - 2015-02-05 10:16 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\adwcleaner_4.109(1).exe
2015-02-05 10:11 - 2015-02-05 10:11 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\adwcleaner_4.109.exe
2015-02-05 09:56 - 2015-02-05 09:56 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\AdwCleaner09(1).exe
2015-02-05 09:50 - 2015-02-05 09:50 - 02194432 _____ () C:\Users\andreas.chudalla\Downloads\AdwCleaner09.exe
2015-02-05 09:47 - 2015-02-05 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 08:16 - 2015-02-05 08:16 - 00000000 ____D () C:\Program Files (x86)\browsersupport
2015-02-05 08:05 - 2015-02-05 08:05 - 00000000 ____D () C:\shoplog
2015-02-05 08:00 - 2015-02-05 08:15 - 00000822 _____ () C:\windows\DCEBOOT.RST
2015-02-05 08:00 - 2015-02-05 08:00 - 00635102 _____ () C:\windows\system32\errordetails.xml
2015-02-05 07:58 - 2015-02-05 07:58 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\winengine
2015-02-05 07:57 - 2015-02-05 07:57 - 00003344 _____ () C:\windows\System32\Tasks\sondhschedule
2015-02-05 07:55 - 2015-02-05 08:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-05 07:55 - 2015-02-05 08:00 - 00025136 _____ (Trend Micro Inc.) C:\windows\DCEBoot64.exe
2015-02-05 07:55 - 2015-02-05 08:00 - 00000000 ____D () C:\ProgramData\{55ad6f76-482a-c5b2-55ad-d6f76482bdd9}
2015-02-05 07:55 - 2015-02-05 07:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-05 07:55 - 2015-02-05 07:55 - 00240176 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
2015-02-05 07:49 - 2015-02-05 07:49 - 37968904 _____ (ICQ) C:\Users\andreas.chudalla\Downloads\icq_83rfrset.exe
2015-01-28 16:07 - 2015-01-28 17:23 - 00562028 ____N () C:\Users\andreas.chudalla\Bauleiterschulung Fa. Kollmer 29.1.15.pptx
2015-01-22 14:51 - 2015-01-22 14:51 - 00000000 __SHD () C:\Users\andreas.chudalla\AppData\Local\EmieUserList
2015-01-22 14:51 - 2015-01-22 14:51 - 00000000 __SHD () C:\Users\andreas.chudalla\AppData\Local\EmieSiteList
2015-01-22 14:48 - 2015-01-22 14:48 - 00880784 _____ (Google Inc.) C:\Users\andreas.chudalla\Downloads\ChromeSetup.exe
2015-01-21 08:15 - 2015-01-21 08:15 - 00000211 ____H () C:\Users\andreas.chudalla\Documents\Zeichnung1.dwl2
2015-01-21 08:15 - 2015-01-21 08:15 - 00000061 ____H () C:\Users\andreas.chudalla\Documents\Zeichnung1.dwl
2015-01-20 15:10 - 2015-02-03 07:36 - 00000000 ____D () C:\Users\andreas.chudalla\Desktop\Stunden
2015-01-09 09:01 - 2015-01-09 09:01 - 00000000 __SHD () C:\Users\Lena.Fraunholz\AppData\Local\EmieUserList
2015-01-09 09:01 - 2015-01-09 09:01 - 00000000 __SHD () C:\Users\Lena.Fraunholz\AppData\Local\EmieSiteList
2015-01-09 09:01 - 2015-01-09 09:01 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Macromedia
2015-01-08 07:57 - 2015-01-08 07:57 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-08 07:56 - 2015-01-16 12:10 - 00001982 ____H () C:\Users\Lena.Fraunholz\Documents\Default.rdp
2015-01-08 07:56 - 2015-01-08 07:56 - 00001425 _____ () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 07:56 - 2015-01-08 07:56 - 00000842 __RSH () C:\Users\Lena.Fraunholz\ntuser.pol
2015-01-08 07:56 - 2015-01-08 07:56 - 00000020 ___SH () C:\Users\Lena.Fraunholz\ntuser.ini
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Vorlagen
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Startmenü
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Netzwerkumgebung
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Lokale Einstellungen
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Eigene Dateien
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Druckumgebung
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Documents\Eigene Musik
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Documents\Eigene Bilder
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\AppData\Local\Verlauf
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\AppData\Local\Anwendungsdaten
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 _SHDL () C:\Users\Lena.Fraunholz\Anwendungsdaten
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ___RD () C:\Users\Lena.Fraunholz\Virtual Machines
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Windows Small Business Server
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 2008
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\ESTOS
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Roaming\Adobe
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Local\NVIDIA
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Local\Autodesk
2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\Users\Lena.Fraunholz
2015-01-08 07:56 - 2014-01-15 17:22 - 00000000 ____D () C:\Users\Lena.Fraunholz\AppData\Local\ESTOS
2015-01-08 07:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-08 07:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Lena.Fraunholz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 14:01 - 2014-08-18 11:10 - 00010786 _____ () C:\windows\cfgall.ini
2015-02-05 13:39 - 2014-05-13 13:13 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 13:32 - 2013-03-25 14:24 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 13:16 - 2013-11-05 07:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 13:16 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-02-05 12:57 - 2012-05-01 10:44 - 00735410 _____ () C:\windows\system32\perfh007.dat
2015-02-05 12:57 - 2012-05-01 10:44 - 00162808 _____ () C:\windows\system32\perfc007.dat
2015-02-05 12:57 - 2009-07-14 06:13 - 01715220 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 12:57 - 2009-07-14 05:45 - 00027344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 12:57 - 2009-07-14 05:45 - 00027344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 12:51 - 2014-08-18 11:10 - 00983160 _____ () C:\windows\SysWOW64\TmInstall.log
2015-02-05 12:51 - 2014-08-18 11:10 - 00543424 _____ () C:\windows\system32\TmInstall.log
2015-02-05 12:51 - 2013-03-25 14:24 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 12:50 - 2014-05-13 13:37 - 00000000 ____D () C:\AdwCleaner
2015-02-05 12:50 - 2012-06-06 08:04 - 00000128 _____ () C:\windows\system32\config\netlogon.ftl
2015-02-05 12:50 - 2012-05-31 09:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-05 12:50 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 12:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\IME
2015-02-05 12:35 - 2014-02-11 09:08 - 00035852 _____ () C:\Users\andreas.chudalla\Documents\plot.log
2015-02-05 12:32 - 2014-05-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-05 12:32 - 2014-05-13 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-05 10:17 - 2013-10-01 06:38 - 00002002 ____H () C:\Users\andreas.chudalla\Documents\Default.rdp
2015-02-05 09:22 - 2013-10-01 06:30 - 00001451 _____ () C:\Users\andreas.chudalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-05 08:15 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-02 14:07 - 2013-10-01 06:34 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\cache
2015-01-30 08:19 - 2013-10-01 06:30 - 00000000 ____D () C:\Users\andreas.chudalla
2015-01-30 07:48 - 2014-03-25 07:49 - 00000000 ____D () C:\Users\andreas.chudalla\Desktop\F5
2015-01-26 09:16 - 2013-11-05 07:27 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 09:16 - 2013-03-25 14:23 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 09:16 - 2013-03-25 14:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 08:18 - 2014-03-24 07:36 - 00000000 ____D () C:\Users\andreas.chudalla\Urlaub
2015-01-22 14:51 - 2013-03-25 14:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-22 14:49 - 2013-10-01 06:31 - 00000000 ____D () C:\Users\andreas.chudalla\AppData\Local\Google
2015-01-08 07:56 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
==================== Files in the root of some directories =======
2013-06-28 08:34 - 2013-06-28 08:34 - 0000949 _____ () C:\Program Files (x86)\Programme (x86) - Verknüpfung.lnk
2013-03-27 15:01 - 2013-03-27 15:01 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 00:11
==================== End Of Log ============================