| hatschi80 | 24.01.2015 17:55 |
Ui, das war ja eine schnelle Antwort! Danke schonmal dafür! Hier die beiden gewünschten Dateien:
FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Nadia (administrator) on NADIA-PC on 24-01-2015 17:44:02
Running from C:\Users\Nadia\Desktop
Loaded Profiles: Nadia (Available profiles: Nadia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Spotify Ltd) C:\Users\Nadia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\Nadia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [896912 2011-03-17] (Samsung)
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3370296 2011-01-05] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [13824 2011-04-30] ()
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2014-08-28] (IncrediMail, Ltd.)
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-18] (SUPERAntiSpyware)
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Run: [Spotify Web Helper] => C:\Users\Nadia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-12-07] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nadia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2806026202-95748070-3344758458-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2806026202-95748070-3344758458-1000 - AudioGrabber Toolbar - {8ABDE36A-41BD-4248-8C43-F8B35B86D9D8} - C:\Program Files (x86)\AudioGrabber Toolbar\IE\4.6\audiograbberToolbarIE.dll (Spigot, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2806026202-95748070-3344758458-1000 -> {3F649136-F6DA-4083-8203-0938103A1C3D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKU\S-1-5-21-2806026202-95748070-3344758458-1000 -> {B01D2F72-BF2D-46D7-AF2F-F68D9CCED2D6} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AudioGrabber Toolbar -> {8ABDE36A-41BD-4248-8C43-F8B35B86D9D8} -> C:\Program Files (x86)\AudioGrabber Toolbar\IE\4.6\audiograbberToolbarIE.dll (Spigot, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AudioGrabber Toolbar - {8ABDE36A-41BD-4248-8C43-F8B35B86D9D8} - C:\Program Files (x86)\AudioGrabber Toolbar\IE\4.6\audiograbberToolbarIE.dll (Spigot, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2806026202-95748070-3344758458-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nadia\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2806026202-95748070-3344758458-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nadia\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\searchplugins\google-maps.xml
FF Extension: Garmin Communicator - C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-23]
FF Extension: Cliqz Beta - C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\Extensions\cliqz@cliqz.com.xpi [2014-10-12]
FF Extension: Download YouTube Videos, Easy,Fast And Simple - C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\Extensions\jid1-cHKBMlArKdIVEg@jetpack.xpi [2014-12-12]
FF Extension: Greasemonkey - C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-25]
FF HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\sg8a4eyn.default-1388401495139\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nadia\AppData\Local\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nadia\AppData\Local\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Nadia\AppData\Local\Google\Chrome\Application\37.0.2062.102\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Nadia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-30]
CHR Extension: (YouTube) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-09]
CHR Extension: (Google-Suche) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-09]
CHR Extension: (Google Wallet) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-29]
CHR Extension: (Google Mail) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-09]
StartMenuInternet: Google Chrome.TTOK3J565H4NE2Q3O2CTZHTZHE - C:\Users\Nadia\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [25244 1999-05-10] (Adaptec)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-12-15] (Windows (R) 2003 DDK 3790 provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 17:44 - 2015-01-24 17:49 - 00021579 _____ () C:\Users\Nadia\Desktop\FRST.txt
2015-01-24 17:43 - 2015-01-24 17:44 - 00000000 ___DC () C:\FRST
2015-01-24 17:41 - 2015-01-24 17:42 - 02129920 _____ (Farbar) C:\Users\Nadia\Desktop\FRST64.exe
2015-01-24 16:51 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-24 16:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-24 16:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-24 16:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-24 16:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-24 16:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-26 09:34 - 2014-12-26 09:34 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 17:46 - 2009-07-14 05:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:46 - 2009-07-14 05:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:45 - 2010-11-24 03:09 - 01219624 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 17:38 - 2013-07-21 15:34 - 00000000 ___RD () C:\Users\Nadia\Dropbox
2015-01-24 17:38 - 2013-07-21 15:23 - 00000000 ____D () C:\Users\Nadia\AppData\Roaming\Dropbox
2015-01-24 17:34 - 2011-08-04 11:46 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-24 17:33 - 2013-10-17 12:48 - 00027596 _____ () C:\Windows\setupact.log
2015-01-24 17:33 - 2012-08-09 21:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 17:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 17:30 - 2013-08-14 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 17:22 - 2011-04-04 14:40 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-24 17:20 - 2011-05-04 18:02 - 00000000 ____D () C:\Users\Nadia\AppData\Roaming\SoftGrid Client
2015-01-24 16:58 - 2012-08-09 21:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 16:58 - 2012-04-04 07:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 16:58 - 2011-05-24 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 16:07 - 2011-04-18 19:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-23 06:57 - 2010-11-24 20:40 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-01-23 06:57 - 2010-11-24 20:40 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-01-23 06:57 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 06:46 - 2013-01-14 12:50 - 00001222 _____ () C:\Users\Public\Desktop\Flinky Zeugnis.lnk
2015-01-23 06:46 - 2013-01-14 12:50 - 00000000 ____D () C:\Program Files (x86)\[DS'n'] Schule
2015-01-23 06:45 - 2013-01-14 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flinky Zeugnis
2015-01-20 15:15 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-13 15:24 - 2013-01-16 18:34 - 00000000 ____D () C:\Users\Nadia\Documents\Flinky Zeugnis Pdf
2015-01-10 21:30 - 2011-06-13 15:08 - 00000000 ____D () C:\Users\Nadia\AppData\Roaming\vlc
2015-01-10 14:32 - 2013-01-14 12:52 - 00000000 ____D () C:\Users\Nadia\AppData\Roaming\Flinky-Zeugnis
2015-01-08 09:55 - 2011-04-10 00:52 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-27 12:56 - 2014-09-06 17:00 - 00000000 ____D () C:\Users\Nadia\Desktop\OSM Karten
2014-12-27 11:21 - 2009-07-14 05:45 - 00403120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-27 10:49 - 2011-04-02 16:12 - 00145560 _____ () C:\Users\Nadia\AppData\Local\GDIPFONTCACHEV1.DAT
==================== Files in the root of some directories =======
2011-04-30 11:44 - 2014-03-23 12:13 - 0008704 _____ () C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-02 23:47 - 2011-04-02 23:47 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\Nadia\AppData\Local\Temp\avgnt.exe
C:\Users\Nadia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyzh4of.dll
C:\Users\Nadia\AppData\Local\Temp\FZUpd-79902028-7b48-4c3f-9230-0a44a8079e39.exe
C:\Users\Nadia\AppData\Local\Temp\FZUpd-c546f958-b2f9-46e3-8104-8ed95d60a655.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 23:27
==================== End Of Log ============================
--- --- ---
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Nadia at 2015-01-24 17:50:18
Running from C:\Users\Nadia\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5635224E-675C-B94C-43EE-70BCD39BF30B}) (Version: 3.0.782.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AudioGrabber Toolbar v4.6 (HKLM-x32\...\{6BDAA20E-A079-43ad-8835-C00AE9AE2F77}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
BCool Gadget (HKLM\...\{0E931A51-A183-4E66-8562-D82896E74C67}) (Version: 1.0 - WebPick)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0706.2128.36662 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Dropbox (HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyBits GO (HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Game Organizer) (Version: - EasyBits Media)
ETDWare PS/2-x64 7.0.7.0_WHQL (HKLM\...\Elantech) (Version: 7.0.7.0 - ELAN Microelectronics Corp.)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Flinky Zeugnis (HKLM-x32\...\{5573691E-F76A-4221-92C4-8EB50EC9025C}_is1) (Version: 14.1.10.0 - [DS'n'] soft)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Video to MP3 Converter version 5.0.40.514 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
G DATA Logox4 Speechengine (HKLM-x32\...\lgx4.lgx.server) (Version: - G DATA Software AG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin BaseCamp (HKLM-x32\...\{81EF7DBD-909A-455B-8B32-24B8CDC75039}) (Version: 4.3.3 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
IncrediMail (x32 Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lernwerkstatt 7 (HKLM-x32\...\InstallShield_{3A714E01-1F68-4DE5-BA35-CD687F7A8606}) (Version: 7.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 7 (x32 Version: 7.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OSM generic routable (HKLM-x32\...\OSM generic routable) (Version: - )
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11011_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11011_16 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
Schlaumäuse Windows 7 (HKLM-x32\...\{7E8AF486-F2A3-47A3-91AC-D2AEC9EE04B5}) (Version: 1.00.0000 - Schlaumäuse)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SPG-Verein 3.1 (HKLM-x32\...\{6738D11F-DF64-445B-80A4-B6B32F297059}) (Version: 3.1.18 - Software Peter Große)
Spotify (HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TubeBox (HKLM-x32\...\{ea583457-af36-4f59-8e38-c663c08e13b0}) (Version: 4.4.0.0 - Freetec)
TubeBox (x32 Version: 4.4.0.0 - Freetec) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2806026202-95748070-3344758458-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2806026202-95748070-3344758458-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nadia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2806026202-95748070-3344758458-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2806026202-95748070-3344758458-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2806026202-95748070-3344758458-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2806026202-95748070-3344758458-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nadia\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
09-01-2015 21:11:12 Geplanter Prüfpunkt
10-01-2015 11:35:06 Windows Update
24-01-2015 16:15:12 Windows Update
24-01-2015 17:21:21 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-03-07 13:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {029FE556-C92F-471F-9E2E-460C0EB0256D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000UA => C:\Users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09] (Google Inc.)
Task: {08F86179-B1C3-4123-85EF-18B867525166} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000UA => C:\Users\Nadia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {132FC2A2-A687-4726-8F9E-3A282BF7C534} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2806026202-95748070-3344758458-1000
Task: {135A8C8A-0BC5-4DF6-9F1C-6F0D381F24DD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1751B37D-C0EC-43F4-B464-43BE7E4E6D1B} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {19DB60BB-1E68-45F9-B6BA-E087832AAD97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14] (Google Inc.)
Task: {2A2C85BF-68AD-48B2-9C8F-57276FACAC95} - System32\Tasks\{CEB63F80-B02A-4AF1-9AB1-1EDB1A68E2E8} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe
Task: {323E4187-C278-4F45-A033-9FB52B984380} - System32\Tasks\{4D44C310-BF48-441F-A827-A30C676DBA37} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Insaniquarium Deluxe\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013" -c "C:\Program Files (x86)\Game Pack\Insaniquarium Deluxe\install.log"
Task: {344196F0-AC7A-4BC5-A8BC-69329EA37A1A} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {3C5B9320-CDB1-405D-8148-47F4DE5FD1FC} - System32\Tasks\{A32B29DB-4A93-4B57-888E-B06541952E93} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Flip Words\Uninstall.exe" -c "C:\Program Files (x86)\Game Pack\Flip Words\install.log"
Task: {40BE9C7F-EFFA-4C17-87DD-BFE0745ED9ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {47FD8FEA-3D78-43EA-A164-2E021CF3826C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000Core => C:\Users\Nadia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {51F96C21-51EB-495C-9450-161668A8B9E7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55B7B65A-9157-4775-AF83-5EC22B6A1CF0} - System32\Tasks\{362BA3C4-9F08-425C-BCF2-FBBA2B6C1F9B} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe
Task: {568C8DD9-A2F2-411F-BE11-DB8850A0FAE2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {5DE6AB41-6373-460A-8031-7044F3E9DD65} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {5F27B5C2-8E82-4683-812B-878AB6166B1B} - System32\Tasks\{0F0DE232-ED27-481E-BB7D-88D29EEC63B0} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Slingo\Uninstall.exe" -c "C:\Program Files (x86)\Game Pack\Slingo\install.log"
Task: {64AB889C-1F99-43EE-A8BC-D0EAB5533102} - System32\Tasks\Google Updater and Installer => C:\Users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09] (Google Inc.)
Task: {67CE7FD1-F978-4DFF-A339-B78D03546F07} - System32\Tasks\{5C311270-3105-4C69-BF5A-8B1962470E08} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Alice Greenfingers\Uninstall.exe" -c "C:\Program Files (x86)\Game Pack\Alice Greenfingers\install.log"
Task: {74C620BF-56BD-4664-BDA5-BD165DCE5570} - System32\Tasks\{078E4A00-A787-4710-8DE5-4F08A369F3DD} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Daycare Nightmare\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013" -c "C:\Program Files (x86)\Game Pack\Daycare Nightmare\install.log"
Task: {806DD1AE-07E1-4E65-8E51-D99DB2AB674B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14] (Google Inc.)
Task: {849217B7-F6A7-41BE-9B0C-9A9638CADD33} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {9453D3C8-BA20-479E-AC9F-E3A1C4BA1A80} - System32\Tasks\{F59A5EFE-FD89-4E0E-A49B-68FFDBDFD1D2} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Bonbon Quest\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013" -c "C:\Program Files (x86)\Game Pack\Bonbon Quest\install.log"
Task: {968A2F62-5535-4A17-AF29-71C4C794BDD6} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {A451CA96-B0CC-4C3A-9D1E-939383FD47C7} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {A53C31EB-84E3-4119-A2CB-58D5E8F56EB8} - System32\Tasks\{EC759541-613B-4FF1-9FC8-6EE1C3CC62BD} => pcalua.exe -a C:\Users\Nadia\Downloads\color_cross-setup.exe -d C:\Users\Nadia\Downloads
Task: {A8D30652-FF4F-4EC5-9254-8B90D2C5E4D4} - System32\Tasks\{DABF096A-4EAC-424A-BAA3-51EC615D2663} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Cake Mania\Uninstall.exe" -c "C:\Program Files (x86)\Game Pack\Cake Mania\install.log"
Task: {AD82CDE6-74C4-4248-94AB-CECE38F0E837} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000Core => C:\Users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09] (Google Inc.)
Task: {AF31104C-A335-49ED-9C70-72ADAC38836C} - System32\Tasks\{FAAB517E-12C4-4B78-8D45-80E186294F1E} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Mahjong Escape Ancient China\Uninstall.exe" -c "C:\Program Files (x86)\Game Pack\Mahjong Escape Ancient China\install.log"
Task: {B1F5EA2C-0C00-4973-BB1E-3F0FC775B74F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-05-06] (Samsung Electronics)
Task: {BAEDACD9-5474-45B4-AB10-0C5478D0D18E} - System32\Tasks\{07CA9E12-ECDD-453A-AA37-B873CD37973C} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Gem Shop\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013" -c "C:\Program Files (x86)\Game Pack\Gem Shop\install.log"
Task: {D2C40146-459E-4737-8C67-8F333BBA74AF} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {DBA5A433-5802-4B79-BF0F-EA06E6B38B7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {F0FFA1C5-06D7-499E-B48D-455DDE073CFF} - System32\Tasks\{369856CE-007A-44AA-BE39-815141CD6BD9} => pcalua.exe -a "C:\Program Files (x86)\Game Pack\Galapago\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013" -c "C:\Program Files (x86)\Game Pack\Galapago\install.log"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000Core.job => C:\Users\Nadia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000UA.job => C:\Users\Nadia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000Core.job => C:\Users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1000UA.job => C:\Users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-06 13:26 - 2010-07-06 13:26 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-11-24 03:14 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2014-08-28 22:30 - 2014-08-28 22:30 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2014-08-28 22:30 - 2014-08-28 22:30 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2014-08-28 22:30 - 2014-08-28 22:30 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2013-07-21 10:54 - 2013-07-21 10:54 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
2014-08-28 22:30 - 2014-08-28 22:30 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Nadia\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-24 17:35 - 2015-01-24 17:35 - 00043008 _____ () c:\users\nadia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyzh4of.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Nadia\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Nadia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Nadia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-08-28 22:30 - 2014-08-28 22:30 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0A4F19B7
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2806026202-95748070-3344758458-500 - Administrator - Disabled)
Gast (S-1-5-21-2806026202-95748070-3344758458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2806026202-95748070-3344758458-1002 - Limited - Enabled)
Nadia (S-1-5-21-2806026202-95748070-3344758458-1000 - Administrator - Enabled) => C:\Users\Nadia
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/22/2015 03:24:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/21/2015 03:46:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FlinkyZeugnis.exe, Version 14.1.4.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 444
Startzeit: 01d0357e2adcd51e
Endzeit: 374
Anwendungspfad: C:\Program Files (x86)\[DS'n'] Schule\Flinky Zeugnis\14.1.4.0\FlinkyZeugnis.exe
Berichts-ID: 28a03e2a-a17c-11e4-9efc-e811320472b0
Error: (01/21/2015 02:32:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/20/2015 03:25:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/19/2015 03:44:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/13/2015 03:12:38 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/10/2015 07:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1062, Zeitstempel: 0x4c33dd9e
Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054, Zeitstempel: 0x4c33d557
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001f078
ID des fehlerhaften Prozesses: 0x4e0
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Error: (12/27/2014 09:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1062, Zeitstempel: 0x4c33dd9e
Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054, Zeitstempel: 0x4c33d557
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001f078
ID des fehlerhaften Prozesses: 0x4e4
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Error: (12/25/2014 05:36:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1550
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (12/25/2014 05:36:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f70
Startzeit: 01d01dd012cad365
Endzeit: 8744
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: fed85e8b-8c53-11e4-a443-e811320472b0
System errors:
=============
Error: (01/24/2015 05:39:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (01/24/2015 05:37:22 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (01/24/2015 05:37:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/24/2015 05:36:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error: (01/24/2015 05:35:46 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (01/24/2015 05:33:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/24/2015 05:33:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (01/24/2015 05:33:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (01/24/2015 05:21:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F2F6A7B0-0E74-49BF-ABDF-8A0778554472}
Error: (01/24/2015 04:23:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.191.3067.0)
Microsoft Office Sessions:
=========================
Error: (01/22/2015 03:24:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/21/2015 03:46:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FlinkyZeugnis.exe14.1.4.044401d0357e2adcd51e374C:\Program Files (x86)\[DS'n'] Schule\Flinky Zeugnis\14.1.4.0\FlinkyZeugnis.exe28a03e2a-a17c-11e4-9efc-e811320472b0
Error: (01/21/2015 02:32:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/20/2015 03:25:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/19/2015 03:44:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/13/2015 03:12:38 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/10/2015 07:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.10624c33dd9eatiadlxx.dll6.14.10.10544c33d557c0000005000000000001f0784e001d02c28d7b1fc8aC:\Windows\system32\atieclxx.exeC:\Windows\system32\atiadlxx.dllac71ad6b-98f2-11e4-a18b-e811320472b0
Error: (12/27/2014 09:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.10624c33dd9eatiadlxx.dll6.14.10.10544c33d557c0000005000000000001f0784e401d021bedeec5146C:\Windows\system32\atieclxx.exeC:\Windows\system32\atiadlxx.dll8d0842cd-8e06-11e4-b645-e811320472b0
Error: (12/25/2014 05:36:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425155001d02027fc04b280C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2ef1ee5d-8c54-11e4-a443-e811320472b0
Error: (12/25/2014 05:36:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443f7001d01dd012cad3658744C:\Program Files (x86)\Mozilla Firefox\firefox.exefed85e8b-8c53-11e4-a443-e811320472b0
CodeIntegrity Errors:
===================================
Date: 2014-03-07 13:29:24.146
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-07 13:29:23.912
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-04-15 22:57:56.752
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Cofi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-04-15 22:57:56.736
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Cofi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 61%
Total physical RAM: 1962.17 MB
Available physical RAM: 751.91 MB
Total Pagefile: 3924.34 MB
Available Pagefile: 2049.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:112 GB) (Free:19.36 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:81.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 02FC8BF3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
