All about Windows: Windows 8.1 - self-installing programs are flooding the PC

19.07.2015, 16:11   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 8.1 - self-installing programs are flooding the PC [solved]



Then post some fresh FRST logs. Tick the box for addition.txt, then click Scan.

__________________
Please always post log files in CODE tags

19.07.2015, 16:33   #17
Binchen16
 



Here is the FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by ADMIN (administrator) on WELLER´S on 19-07-2015 17:23:02
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamresearch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-06-03] (Buhl Data Service)
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-07-11]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-04-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-10-23]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2013-05-07]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013-01-06]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {5C066E4E-BF62-492A-99B2-2FE1F400FF94} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-04] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cc0cfdc2-38b0-11e3-8250-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F820D289-A089-4FF2-8FAB-FB08B96BF856}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F820D289-A089-4FF2-8FAB-FB08B96BF856}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2009-11-12] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2824886842-1903998303-2860717336-1011: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\testlog.txt [2013-12-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-17]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-02] (Emsisoft GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2015-01-28] (RealVNC Ltd)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R1 OADevice; C:\WINDOWS\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\WINDOWS\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\WINDOWS\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 17:22 - 2015-07-19 17:22 - 00000000 ____D C:\Users\ADMIN\Downloads\FRST-OlderVersion
2015-07-19 16:55 - 2015-07-19 16:55 - 02248704 _____ C:\Users\ADMIN\Desktop\AdwCleaner_4.208.exe
2015-07-18 16:33 - 2015-07-18 16:33 - 00026564 _____ C:\Users\ADMIN\Desktop\mbam-1.txt
2015-07-17 22:25 - 2015-07-17 22:25 - 00001196 _____ C:\Users\ADMIN\Desktop\tesz.txt
2015-07-17 16:04 - 2015-07-17 16:04 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\NewSoft
2015-07-16 17:21 - 2015-07-16 17:21 - 00047808 _____ C:\Users\ADMIN\Downloads\FRST-1.txt
2015-07-16 17:19 - 2015-07-16 17:19 - 00004604 _____ C:\Users\ADMIN\Desktop\JRT.txt
2015-07-16 17:10 - 2015-07-16 17:11 - 01797576 _____ (Malwarebytes Corporation) C:\Users\ADMIN\Downloads\JRT.exe
2015-07-16 17:05 - 2015-07-16 17:05 - 00028632 _____ C:\Users\ADMIN\Desktop\AdwCleaner[S0].txt
2015-07-16 16:57 - 2015-07-19 17:04 - 00000000 ____D C:\AdwCleaner
2015-07-16 16:50 - 2015-07-16 16:50 - 00003452 _____ C:\Users\ADMIN\Desktop\mbam.txt
2015-07-16 16:50 - 2015-07-16 16:50 - 00001587 _____ C:\Users\ADMIN\Desktop\mbam.exe - Verknüpfung.lnk
2015-07-16 16:42 - 2015-07-16 16:42 - 00003842 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1437057596
2015-07-16 16:42 - 2015-07-16 16:42 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Opera Software
2015-07-16 16:42 - 2015-07-16 16:42 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Opera Software
2015-07-16 16:39 - 2015-07-16 16:39 - 00001153 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-16 16:39 - 2015-07-16 16:39 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-16 16:38 - 2015-07-16 16:52 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-16 16:38 - 2015-07-16 16:38 - 00001089 _____ C:\Users\ADMIN\Desktop\DocToPDFConverter.lnk
2015-07-16 16:38 - 2015-07-16 16:38 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter
2015-07-16 16:38 - 2015-07-16 16:38 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\DocToPDFConverter
2015-07-16 16:37 - 2015-07-16 16:37 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Browser-Security
2015-07-16 16:33 - 2015-07-16 16:33 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-16 16:28 - 2015-07-19 17:09 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 16:28 - 2015-07-19 17:08 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-16 16:28 - 2015-07-19 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-16 16:28 - 2015-07-19 17:08 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-16 16:28 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-16 16:28 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-16 16:28 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-16 16:26 - 2015-07-16 16:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ADMIN\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-16 16:02 - 2015-07-19 17:01 - 00029636 _____ C:\WINDOWS\PFRO.log
2015-07-16 15:50 - 2015-07-16 15:50 - 00001286 _____ C:\Users\ADMIN\Desktop\Revo Uninstaller.lnk
2015-07-16 15:50 - 2015-07-16 15:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-16 15:49 - 2015-07-16 15:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ADMIN\Downloads\revosetup95.exe
2015-07-16 13:32 - 2015-07-18 16:54 - 00051532 _____ C:\Users\ADMIN\Downloads\Addition.txt
2015-07-16 13:31 - 2015-07-19 17:23 - 00021245 _____ C:\Users\ADMIN\Downloads\FRST.txt
2015-07-16 13:28 - 2015-07-19 17:23 - 00000000 ____D C:\FRST
2015-07-16 13:27 - 2015-07-19 17:22 - 02134528 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64.exe
2015-07-16 07:44 - 2015-07-16 07:44 - 00003434 _____ C:\Users\ADMIN\Desktop\cc_20150716_074412.reg
2015-07-16 07:41 - 2015-07-19 17:16 - 01056054 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 07:34 - 2015-07-16 07:34 - 00000000 _____ C:\Users\ADMIN\AppData\Local\Temp.dat
2015-07-16 07:33 - 2015-07-16 07:33 - 00004690 _____ C:\Users\ADMIN\Desktop\cc_20150716_073306.reg
2015-07-16 07:32 - 2015-07-16 07:32 - 00036178 _____ C:\Users\ADMIN\Desktop\cc_20150716_073209.reg
2015-07-16 07:31 - 2015-07-16 07:31 - 00220346 _____ C:\Users\ADMIN\Desktop\cc_20150716_073114.reg
2015-07-16 06:33 - 2015-07-17 18:33 - 00000354 _____ C:\WINDOWS\Tasks\WalkingBuddy.job
2015-07-16 06:33 - 2015-07-16 06:33 - 00003240 _____ C:\WINDOWS\System32\Tasks\WalkingBuddy
2015-07-16 06:32 - 2015-07-16 06:32 - 00000000 _____ C:\dummy.htm
2015-07-16 06:23 - 2015-07-16 06:23 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13B30299-8D40-4641-B727-461FBD9BAD98}
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 __SHD C:\Users\Sabine Weller\AppData\Local\EmieUserList
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 __SHD C:\Users\Sabine Weller\AppData\Local\EmieSiteList
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Macromedia
2015-07-16 06:14 - 2015-07-16 06:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1016
2015-07-16 06:11 - 2015-07-16 06:11 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Buhl Data Service GmbH
2015-07-16 06:11 - 2015-07-16 06:11 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Buhl Data Service GmbH
2015-07-15 22:01 - 2015-07-15 22:01 - 00000881 _____ C:\Users\Johannes Weller.WELLER´S\Desktop\Weller, Johannes - Einkommensteuer 2014.lnk
2015-07-15 22:00 - 2015-07-15 22:00 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\ESt Johannes
2015-07-15 21:59 - 2015-07-15 22:02 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\Steuer-Sparbuch
2015-07-15 21:59 - 2015-07-15 21:59 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\JOHANNES
2015-07-15 21:53 - 2015-07-15 21:53 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\ESt Johannes
2015-07-15 21:52 - 2015-07-15 21:52 - 00001004 _____ C:\Users\Johannes Weller.WELLER´S\Desktop\MeinGeld_2015.lnk
2015-07-15 21:52 - 2015-07-15 21:52 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\WISO Mein Geld
2015-07-15 21:49 - 2015-07-15 22:04 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1015
2015-07-15 21:45 - 2015-07-15 21:53 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\WISO Mein Geld_neu
2015-07-15 21:33 - 2015-07-16 06:47 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\ClassicShell
2015-07-15 21:32 - 2015-07-16 06:47 - 00002563 _____ C:\Users\Sabine Weller\Sti_Trace.log
2015-07-15 21:32 - 2015-07-16 06:08 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\.oit
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\Polar WebSync
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\Documents\My PageManager
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\NewSoft
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Hewlett-Packard
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Epson
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Apple Computer
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Power2Go8
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\NewSoft
2015-07-15 21:31 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\RealVNC
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\VirtualStore
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Packages
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller
2015-07-15 21:31 - 2015-07-15 21:31 - 00001456 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:31 - 2015-07-15 21:31 - 00000020 ___SH C:\Users\Sabine Weller\ntuser.ini
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Vorlagen
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Startmenü
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Netzwerkumgebung
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Lokale Einstellungen
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Eigene Dateien
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Druckumgebung
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Documents\Eigene Musik
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Documents\Eigene Bilder
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Local\Verlauf
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Local\Anwendungsdaten
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Anwendungsdaten
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Adobe
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Buhl Data Service GmbH
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl Data Service GmbH
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl Data Service
2015-07-15 21:31 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:31 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:31 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:31 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:31 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:31 - 2014-01-17 12:10 - 00000000 ____D C:\Users\Sabine Weller\Documents\Anti-Malware
2015-07-15 21:31 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Sabine Weller\Documents\hp.system.package.metadata
2015-07-15 21:31 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Microsoft Help
2015-07-15 21:31 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:31 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:30 - 2015-07-15 21:54 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl
2015-07-15 21:29 - 2015-07-15 22:03 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\ClassicShell
2015-07-15 21:28 - 2015-07-15 21:59 - 00001101 _____ C:\Users\Johannes Weller.WELLER´S\Sti_Trace.log
2015-07-15 21:28 - 2015-07-15 21:45 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\.oit
2015-07-15 21:28 - 2015-07-15 21:29 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Packages
2015-07-15 21:28 - 2015-07-15 21:28 - 00001456 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:28 - 2015-07-15 21:28 - 00000020 ___SH C:\Users\Johannes Weller.WELLER´S\ntuser.ini
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Vorlagen
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Startmenü
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Netzwerkumgebung
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Lokale Einstellungen
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Eigene Dateien
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Druckumgebung
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Documents\Eigene Musik
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Documents\Eigene Bilder
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Local\Verlauf
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Local\Anwendungsdaten
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Anwendungsdaten
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Polar WebSync
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\NewSoft
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Hewlett-Packard
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Epson
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Apple Computer
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Adobe
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\VirtualStore
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\RealVNC
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Power2Go8
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\NewSoft
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S
2015-07-15 21:28 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:28 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:28 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:28 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:28 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:28 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Microsoft Help
2015-07-15 21:28 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:27 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\ClassicShell
2015-07-15 21:26 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Admin_2\AppData\Local\RealVNC
2015-07-15 21:26 - 2015-07-15 21:27 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Packages
2015-07-15 21:26 - 2015-07-15 21:26 - 00001456 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:26 - 2015-07-15 21:26 - 00000364 _____ C:\Users\Admin_2\Sti_Trace.log
2015-07-15 21:26 - 2015-07-15 21:26 - 00000020 ___SH C:\Users\Admin_2\ntuser.ini
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Vorlagen
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Startmenü
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Netzwerkumgebung
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Lokale Einstellungen
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Eigene Dateien
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Druckumgebung
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Documents\Eigene Musik
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Documents\Eigene Bilder
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Local\Verlauf
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Local\Anwendungsdaten
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Anwendungsdaten
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\Polar WebSync
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\Documents\My PageManager
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\NewSoft
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Hewlett-Packard
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Epson
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Apple Computer
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Adobe
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\.oit
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\VirtualStore
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Power2Go8
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\NewSoft
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2
2015-07-15 21:26 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:26 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:26 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:26 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:26 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:26 - 2014-01-17 12:10 - 00000000 ____D C:\Users\Admin_2\Documents\Anti-Malware
2015-07-15 21:26 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Admin_2\Documents\hp.system.package.metadata
2015-07-15 21:26 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Microsoft Help
2015-07-15 21:26 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:26 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:21 - 2015-07-15 21:21 - 00000000 ____D C:\Users\ADMIN\Documents\My Games
2015-07-15 21:21 - 2015-07-15 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-15 21:03 - 2015-07-15 21:03 - 00003152 _____ C:\WINDOWS\System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE}
2015-07-15 20:16 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-15 20:14 - 2015-07-15 20:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\OptiSpace
2015-07-15 20:14 - 2015-07-15 20:14 - 00003088 _____ C:\WINDOWS\System32\Tasks\tet3008
2015-07-15 20:06 - 2015-07-15 20:06 - 00000000 ____D C:\ppsfile
2015-07-15 20:05 - 2015-07-15 21:05 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Unity
2015-07-15 20:05 - 2015-07-15 20:05 - 00000000 ____D C:\Users\Public\QiYi
2015-07-15 20:04 - 2015-07-15 20:04 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-11 14:52 - 2015-07-11 14:52 - 00000000 ____D C:\Users\ADMIN\Documents\OneNote-Notizbücher
2015-07-08 17:27 - 2015-07-12 12:30 - 00073800 _____ C:\Users\ADMIN\Documents\M.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 17:14 - 2013-10-20 11:07 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1011
2015-07-19 17:05 - 2013-12-13 17:01 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-07-19 17:05 - 2013-10-25 13:14 - 00290109 _____ C:\Users\ADMIN\Sti_Trace.log
2015-07-19 17:05 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-19 17:02 - 2013-10-22 07:11 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-19 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-19 16:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\System
2015-07-19 16:48 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\TAPI
2015-07-18 17:18 - 2013-10-20 11:03 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\ClassicShell
2015-07-18 16:40 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-18 16:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-16 17:04 - 2013-10-19 15:51 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\.oit
2015-07-16 17:01 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-16 16:48 - 2013-10-20 12:14 - 00000000 ____D C:\Users\ADMIN\Documents\Mein Steuer-Sparbuch Heute
2015-07-16 16:28 - 2013-12-12 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 16:08 - 2013-09-30 06:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-16 16:08 - 2013-09-30 05:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-16 16:08 - 2013-09-30 05:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-16 16:04 - 2013-11-11 20:48 - 00238080 ___SH C:\Users\ADMIN\Desktop\Thumbs.db
2015-07-16 07:28 - 2013-11-22 19:59 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-16 07:03 - 2013-08-22 15:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-16 06:09 - 2013-01-05 18:29 - 00000400 _____ C:\WINDOWS\ODBC.INI
2015-07-16 06:01 - 2013-01-06 08:53 - 00000000 ____D C:\Program Files\Google
2015-07-16 06:01 - 2013-01-05 17:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-15 21:32 - 2012-11-13 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-15 21:22 - 2013-11-11 20:31 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Google
2015-07-15 21:21 - 2014-08-05 19:07 - 00000000 ____D C:\Aerosoft
2015-07-15 21:21 - 2012-11-01 23:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 21:20 - 2014-08-05 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-07-15 21:18 - 2013-12-15 19:57 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-15 21:18 - 2013-10-19 15:51 - 00001009 _____ C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:12 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-15 21:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-15 21:08 - 2013-08-22 16:44 - 00508896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-15 21:03 - 2014-02-08 09:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-15 20:57 - 2013-01-09 12:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-15 18:56 - 2013-10-20 12:15 - 00000000 ____D C:\Users\ADMIN\Documents\Steuer-Sparbuch
2015-07-15 18:45 - 2013-10-20 11:08 - 00000000 ____D C:\Users\ADMIN\Documents\WISO Mein Geld_neu
2015-07-14 19:02 - 2013-10-22 07:11 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:38 - 2014-09-20 18:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:24 - 2014-12-28 01:53 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-05 11:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-06-28 12:21 - 2015-02-01 20:23 - 00034816 ___SH C:\Users\ADMIN\Documents\Thumbs.db
2015-06-28 12:16 - 2013-10-19 15:50 - 00000000 ____D C:\Users\ADMIN
2015-06-27 09:01 - 2013-10-28 17:01 - 00000000 ____D C:\Users\ADMIN\Documents\SigmaDataCenter3

==================== Files in the root of some directories =======

2015-07-16 07:34 - 2015-07-16 07:34 - 0000000 _____ () C:\Users\ADMIN\AppData\Local\Temp.dat
2013-01-05 20:12 - 2013-01-05 21:41 - 0008116 _____ () C:\ProgramData\hpzinstall.log
2012-11-13 15:56 - 2012-11-13 15:56 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-11-06 21:02 - 2014-11-30 00:05 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\ADMIN\AppData\Local\Temp\Quarantine.exe
C:\Users\ADMIN\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 17:15

==================== End of log ============================
         
--- --- ---


and the Addition

FRST Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by ADMIN at 2015-07-19 17:23:49
Running from C:\Users\ADMIN\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-2824886842-1903998303-2860717336-1011 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-2824886842-1903998303-2860717336-500 - Administrator - Disabled)
Admin_2 (S-1-5-21-2824886842-1903998303-2860717336-1017 - Administrator - Enabled) => C:\Users\Admin_2
Gast (S-1-5-21-2824886842-1903998303-2860717336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2824886842-1903998303-2860717336-1010 - Limited - Enabled)
Johannes Weller (S-1-5-21-2824886842-1903998303-2860717336-1015 - Limited - Enabled) => C:\Users\Johannes Weller.WELLER´S
Sabine Weller (S-1-5-21-2824886842-1903998303-2860717336-1016 - Limited - Enabled) => C:\Users\Sabine Weller
UpdatusUser (S-1-5-21-2824886842-1903998303-2860717336-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.6.0 - )
BTUpdater 1.3 (HKLM-x32\...\{7B667522-CC69-4191-8154-6C16DD8AE754}_is1) (Version:  - Midland)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C7100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c7100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.40.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Classic Shell (HKLM\...\{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}) (Version: 4.0.0 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DocToPDFConverter (HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON WF-3540 Series (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EnBW StromRadar (HKLM-x32\...\{3BEB39C1-E448-45D2-97E2-A9B2A2DE7A54}) (Version: 2.2.4.1 - EnBW Energie Baden-Württemberg AG)
Epson Benutzerhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Friendly Error (HKLM-x32\...\FriendlyError) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{9074AFC0-CFDA-11DE-B484-005056806466}) (Version: 5.1.3533.1731 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
MailStore Home 8.0.2.8361 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.0.2.8361 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}) (Version: 2.8.10006 - Polar Electro Oy)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RegUtility version 4.1 (HKLM-x32\...\RegUtility_is1) (Version: 4.1 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigma Data Center 3.1 (HKLM-x32\...\Sigma Data Center3.1) (Version: 3.1 - Sigma Elektro GmbH)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tippmaster v3.5.0 (HKLM-x32\...\Tippmaster_is1) (Version: 3.5.0 - Hofmann & Gschwandtner GbR)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tyre (HKLM\...\Tyre_is1) (Version: 6.4.1.4 - 't Schrijverke)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VNC Server 5.2.3 (HKLM\...\{0D2201F0-2E7B-4C89-8C5D-03D3F5BB5042}) (Version: 5.2.3 - RealVNC Ltd)
VNC Viewer 5.2.3 (HKLM\...\{8824CB84-60DF-4CBC-AB3A-7C5AB2A41F31}) (Version: 5.2.3 - RealVNC Ltd)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Wise Program Uninstaller 1.58 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.58 - WiseCleaner.com, Inc.)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{C5503285-CB32-4922-8C62-940D8F11A9AF}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{ED4D896D-EA6C-4FC4-8F2A-DB4BA4A24D8E}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XMedia Recode Version 3.1.7.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.7 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-07-2015 12:33:18 Geplanter Prüfpunkt
15-07-2015 21:18:56 RedDotView wird entfernt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {3ADF46ED-BF19-4897-97EE-CDBECFD552DA} - System32\Tasks\Opera scheduled Autoupdate 1437057596 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {403F192B-05D2-43E3-8869-620A29982E39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5542B2D9-B689-43F9-A34B-7956340AA4B6} - System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE} => pcalua.exe -a C:\Users\ADMIN\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: {79D5B119-27D0-476B-9DA2-1D4FD0B11983} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {824EFD4E-87E1-4095-A78D-A29EFA9A7F64} - System32\Tasks\tet3008 => C:\PROGRA~2\FASTSE~1\tet3008.exe
Task: {B1174188-13B8-48E9-B74E-1A850D5DE550} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {C2E93577-EF06-4A34-B343-6AD4EE804DB3} - System32\Tasks\{0F868CCB-3067-458A-8588-C2F3A59927E1} => pcalua.exe -a "C:\Users\ADMIN\Neuer Ordner\Adobe Photoshop CS2\Photoshop.exe"
Task: {E0427457-4F2C-4C55-9EA4-D85B424AC4CC} - System32\Tasks\WalkingBuddy => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
Task: {F35425DA-FE48-4B87-8A2A-82E58A53B62C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\WalkingBuddy.job => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2013-02-26 16:59 - 2013-02-26 16:59 - 06227512 _____ () C:\Program Files (x86)\Polar\WebSync\WebSync.exe
2013-11-19 21:24 - 2014-08-07 13:29 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-10-19 15:53 - 2013-10-19 15:53 - 00120224 _____ () C:\Users\ADMIN\AppData\Local\assembly\dl3\P614JHN7.VQO\W1HP4Z1K.AEP\71599d0e\0017145d_cd85cd01\HPItunesModule.DLL
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2012-11-02 00:03 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-02-26 16:59 - 2013-02-26 16:59 - 00110648 _____ () C:\Program Files (x86)\Polar\WebSync\PTransform.dll
2013-02-26 16:59 - 2013-02-26 16:59 - 03722296 _____ () C:\Program Files (x86)\Polar\WebSync\libpolar.dll
2010-02-10 16:06 - 2010-02-10 16:06 - 00334848 _____ () C:\Program Files (x86)\Polar\WebSync\QtXml4.dll
2010-02-10 16:22 - 2010-02-10 16:22 - 07971840 _____ () C:\Program Files (x86)\Polar\WebSync\QtGui4.dll
2010-02-10 16:07 - 2010-02-10 16:07 - 00929280 _____ () C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll
2011-01-14 16:01 - 2011-01-14 16:01 - 02142720 _____ () C:\Program Files (x86)\Polar\WebSync\QtCore4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00025600 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00119808 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 09707800 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 03890288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02745624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02123032 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 04325144 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01573656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 05300504 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01702168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01810712 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01629464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 07353112 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2012-11-01 23:57 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 52.17.204.69 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5F9756F8-F816-4DE6-A134-5D11177D7101}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7981A029-D266-40E9-8499-7F3BBA171FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E3F9B456-71FC-4F76-BAC7-46FCB2AA86E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F7DAAC50-7E76-40D3-A44C-77B9B75D6369}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4C0198E3-C12B-4A9E-B9A5-B6BF436F7333}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{29318F9F-FA7C-44E7-B609-8BFE5E8F60F2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{187001C2-A9FD-4738-A9D7-89433C1FB225}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{A82D82B7-05F7-4490-AA02-40D5399142A6}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [UDP Query User{8C6F5E26-8FA7-4115-8F61-D82EDFC9AE04}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{175BA418-B764-485D-9943-0AF872B5D9AA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F506FFD2-183C-41C2-AC8D-FBDECFFD3363}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{190C1071-58EA-4882-9ACF-316A9638480C}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{184AF574-C0E6-446E-AD99-BD9058C97625}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{12EA3BDB-93C9-45BD-AB70-C117A9F831C3}] => (Allow) LPort=1900
FirewallRules: [{2BE7D240-AF5F-45D1-BADA-89C92BF70400}] => (Allow) LPort=2869
FirewallRules: [{79FE28F8-EED0-4967-8B27-92E8A8135D0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6AAA071-2BC3-4DB2-BEEA-39E7931D45B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B15D2672-42B0-480B-B5F2-95CE3DFEA96B}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0FC1CB29-1930-4B9D-9BEF-D9D32751DD9F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E0CA7CA3-1F8F-4424-859A-B665AEB49A9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{85FF2813-CFC0-4F50-BABB-33F4BE24A9AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BEA04FFC-BB6B-4A84-812B-F2E390B0C473}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{627C4A04-57BB-4398-9591-4C437921F320}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{89D838A2-B075-4070-B293-FF8275CF38EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{46D60460-5EB4-4DA3-A2E1-24643B92E859}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CA266968-5A05-41FE-A575-EB16DDEEC003}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{271D426C-C8A5-42B0-A682-C6BF0A804EF3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B5EDCB63-5528-4F3B-AF7C-8E426A21B72F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BA24CC07-2ECA-4A70-AF51-3A65385E3224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{35630A5F-E721-41F6-BB13-F2EF8A017A76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC88955-5F3D-40B1-B76D-3150AF83DD89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1D4C01B2-5C30-4199-BECA-167220AAEF41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{10CC3518-034E-4C35-A05A-641EC51A651A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1EBE767D-BCE5-4A63-9AB2-5F20B4418CCE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DC1CF583-EDB4-41EB-A277-897394E657CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DE5BC789-275E-40FD-8D46-433D87D18079}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{27565CFB-E031-41E5-B9EB-039F3D82503E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{288FA507-0B1F-44F2-869F-9D70621F802C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E564077B-B46E-40BB-8E20-9944DAF606D0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5FB3B7CE-77ED-4CE9-AB9C-A784B8545EB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0927140B-67CC-4CAF-BC42-0B3AA65B6865}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{049B4734-126A-4323-B687-166753E685C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E2445DD-8DB1-42F9-A50D-2FC2A9DD074E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9AA2FFA-0578-4A9F-B4F7-93916239CC10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAD961B2-CCF2-4BB3-8034-8FA9FB36D2A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA6546CB-2854-4F31-8927-C8FBC13890AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BEDD147-C820-4DAD-BE8A-FAB1A11C3044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D926CA5-8A9A-455B-8E03-B604543294D0}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{A963906A-A239-488F-9E3B-145A0AFB4129}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{074278CB-3606-43C3-9B87-77C5B90F38A0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CC38E1A2-EEDC-4BF2-8B9B-DA63DF25FCEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8709488-C5F5-45E3-9DAC-C70EA4C64314}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{C81AA1B7-32ED-4D91-9900-790D92CC808D}] => (Allow) LPort=53000
FirewallRules: [{FF8764D9-0B85-41FB-9073-5DAEC598DD1D}] => (Allow) LPort=52000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2015 04:39:37 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (8144) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (07/18/2015 04:34:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/16/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.0, Zeitstempel: 0x552d3c4a
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.2.0.0, Zeitstempel: 0x552d380e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000ed7de
ID des fehlerhaften Prozesses: 0xbe4
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (8572) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2314

Startzeit: 01d0bf81840d8d1d

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Berichts-ID: da54f83c-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm nsl168.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23a0

Startzeit: 01d0bf80c69f2627

Endzeit: 4294967295

Anwendungspfad: C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp

Berichts-ID: 9d0059ca-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (5604) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.


System errors:
=============
Error: (07/19/2015 05:10:33 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (07/19/2015 05:10:33 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (07/19/2015 05:07:41 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/19/2015 05:07:33 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/19/2015 05:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 05:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 05:04:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 05:04:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 05:04:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 05:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (07/18/2015 04:39:37 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost8144Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (07/18/2015 04:34:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/16/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.1.0.0552d3c4ambamcore.dll1.2.0.0552d380ec0000417000ed7debe401d0bfd64315b495C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamcore.dllf46336e1-2bca-11e5-8039-4c72b994d0f4

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail8572WindowsMail0:

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4231401d0bf81840d8d1d4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exeda54f83c-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsl168.tmp0.0.0.023a001d0bf80c69f26274294967295C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp9d0059ca-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost5604Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 20:32:34.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:34.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:20.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-02 17:46:42.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-29 18:58:01.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-26 11:58:12.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 12227.56 MB
Available physical RAM: 8306.96 MB
Total Virtual: 14083.56 MB
Available Virtual: 9951.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.95 GB) (Free:1474.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D65FE7C9)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: ECA99B82)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================
         


Alt 19.07.2015, 16:39   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

FRST fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {E0427457-4F2C-4C55-9EA4-D85B424AC4CC} - System32\Tasks\WalkingBuddy => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WalkingBuddy.job => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 19.07.2015, 16:50   #19
Binchen16
 

here is the Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by ADMIN at 2015-07-19 17:45:57 Run:2
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {E0427457-4F2C-4C55-9EA4-D85B424AC4CC} - System32\Tasks\WalkingBuddy => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WalkingBuddy.job => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}
EmptyTemp:
         
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\searchffv2@gmail.com not found.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com not found.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com not found.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\AVJYFVOD75109374@HCDE39471360.com not found.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02797F86-78B4-4B09-987D-C80E2A1EC280}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02797F86-78B4-4B09-987D-C80E2A1EC280}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0427457-4F2C-4C55-9EA4-D85B424AC4CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0427457-4F2C-4C55-9EA4-D85B424AC4CC}" => key removed successfully
C:\Windows\System32\Tasks\WalkingBuddy => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WalkingBuddy" => key removed successfully
C:\WINDOWS\Tasks\WalkingBuddy.job => moved successfully.
"c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}" => File/Folder not found.
EmptyTemp: => 297 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 17:46:14 ====
         

Alt 19.07.2015, 16:51   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Okay, then control scans with ESET and SC please:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset



Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.


Alt 19.07.2015, 22:38   #21
Binchen16
 

here is the ESET log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ee4b6612dfe3ef4684b25d77d205ce92
# end=init
# utc_time=2015-07-19 04:14:20
# local_time=2015-07-19 06:14:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24875
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ee4b6612dfe3ef4684b25d77d205ce92
# end=updated
# utc_time=2015-07-19 04:17:09
# local_time=2015-07-19 06:17:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ee4b6612dfe3ef4684b25d77d205ce92
# engine=24875
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-19 07:32:37
# local_time=2015-07-19 09:32:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 37206730 53457637 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16897 16777213 83 100 13496 238576645 0 0
# scanned=461463
# found=21
# cleaned=0
# scan_time=11727
sh=5734C43E70EA47546CD3C4658F3878A678081146 ft=1 fh=18e87f1cb750a8f9 vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir"
sh=09E369F9EA069BC141F0D34DC18AEC3ABBA77F6B ft=1 fh=241f3ea108f7cde2 vn="Variante von Win32/Adware.Vonteera.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Convertor\Convertor.exe.vir"
sh=A10442EFD31C595DF97A4D1C1F089131740489F3 ft=1 fh=42ed3c92687a494b vn="Win32/Adware.Flinject.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastSearch\tet3008.exe.vir"
sh=4C80B8272D2039580353E878D89F98C7E7A6C1D1 ft=1 fh=aa996b4324fb3c71 vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=230933730A30AE6BF14753EFB3CF28451B4D2B56 ft=1 fh=53206f85c831ab5f vn="Variante von Win32/ELEX.EE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir"
sh=84378464F31AB4FA30B94E1220D7C85360130293 ft=1 fh=48b8d5336470e5b5 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\SupTab.dll.vir"
sh=09E369F9EA069BC141F0D34DC18AEC3ABBA77F6B ft=1 fh=241f3ea108f7cde2 vn="Variante von Win32/Adware.Vonteera.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winsta\bin\Winsta.exe.vir"
sh=383F7B0F14ABA78B188E0E313F2936A4F7D7930B ft=1 fh=d841ec8e80dcb271 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=0048B23017CA4BD195FCB26ABB3CDD32DAC8C7A1 ft=1 fh=f5d7eb83b4da4203 vn="Variante von Win32/Adware.MultiPlug.NG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe.vir"
sh=4F174CCC115CB1A790B1DA6B3D75EE4D7DCA896F ft=1 fh=09af7c3bb57fc95b vn="Variante von Win32/Adware.SpeedingUpMyPC.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{c3721e45-20ba-f03e-c372-21e4520b7914}\hqghumeaylnlf.exe.vir"
sh=B4450C96172B08E942FA291973FBF835B07A30C5 ft=1 fh=14d0cf0229e4805e vn="Win32/Adware.ConvertAd.TT Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Local\E7E25121-1436991423-BACC-826D-3BF07DDA202C\onse321A.tmp.vir"
sh=B6D1BFE8A2165C8795C22ECAEFB74D566BC87D1F ft=1 fh=ba85a776c276c689 vn="Variante von Win32/Adware.ConvertAd.VC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Local\E7E25121-1436991423-BACC-826D-3BF07DDA202C\rnse3219.exe.vir"
sh=491164FE123DB6DA6E777864326D6213AD986A78 ft=1 fh=3cc6bbefcd819d9d vn="Win32/Adware.ConvertAd.UC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Local\E7E25121-1436991423-BACC-826D-3BF07DDA202C\snse3218.tmp.vir"
sh=32BE00C9B8BD83BF621E433EC87DE21B08F82098 ft=1 fh=a4fbdca8e8e73dc7 vn="Variante von Win32/PriceGong.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Local\SmartWeb\__u.exe.vir"
sh=3C6235A2342A488A2DD67B6E26F7BE3A84C43292 ft=0 fh=0000000000000000 vn="Win32/AnyProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Roaming\AnyProtectEx\swf\swf1RI.swf.vir"
sh=3C6235A2342A488A2DD67B6E26F7BE3A84C43292 ft=0 fh=0000000000000000 vn="Win32/AnyProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Roaming\AnyProtectEx\swf\swffODo.swf.vir"
sh=3C6235A2342A488A2DD67B6E26F7BE3A84C43292 ft=0 fh=0000000000000000 vn="Win32/AnyProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Roaming\AnyProtectEx\swf\swflWh.swf.vir"
sh=45D4139A25C04BCF7CAA7001A1932C74599329C8 ft=1 fh=0490809061bcea9d vn="Variante von Win32/Adware.ConvertAd.IE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ADMIN\AppData\Roaming\ASPackage\ASPackage.exe.vir"
sh=FF8409689078D41CA5A07A7683B3F0AC74B0426C ft=1 fh=6a49e596e9ec9d44 vn="Win32/Adware.Regutility.A Anwendung" ac=I fn="C:\Program Files (x86)\RegUtility\Regutility.exe"
sh=A074678AD3A6FD1D9E12922AD06505D65EBEACF8 ft=1 fh=5ebbc150c1988340 vn="Variante von Win32/Toolbar.Visicom.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe"
         
and checkup.txt:

that was apparently wrong - sorry

here, hopefully, is the correct Checkup.txt:

Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
Windows Defender        
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox 28.0 Firefox out of Date!  
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 Tall Emu Online Armor OAcat.exe 
 Emsisoft Anti-Malware a2service.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 20.07.2015, 08:21   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Update Firefox and Java. Your AV is also out of date

FRST fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Program Files (x86)\RegUtility\Regutility.exe
C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

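The triage step between the ESET log and the fixlist above (ignore copies already sitting in the AdwCleaner quarantine, keep only detections still at their original path) can be scripted. The following is an added example, not part of the thread or of any tool named in it: the sample lines are constructed in the log's key=value layout with placeholder hash values, and reading `sh` as a content hash and `C:\AdwCleaner\Quarantine\` as the quarantine prefix are assumptions.

```python
import re
from collections import defaultdict

# key=value pairs; values are either "quoted strings" or bare tokens
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: files under this prefix are AdwCleaner's inert quarantine copies.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\",)


def _line(sh, vn, fn):
    """Build one constructed detection line in the layout of the posted log."""
    return f'sh={sh} ft=1 fh={"0" * 16} vn="{vn}" ac=I fn="{fn}"'


# Constructed sample: hash fields are placeholders, not real hashes.
SAMPLE_LOG = "\n".join([
    "# found=5",
    "# cleaned=0",
    _line("A" * 40, "Variante von Win32/Adware.Vonteera.L Anwendung",
          r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Convertor\Convertor.exe.vir"),
    _line("A" * 40, "Variante von Win32/Adware.Vonteera.L Anwendung",
          r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winsta\bin\Winsta.exe.vir"),
    _line("B" * 40, "Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung",
          r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir"),
    _line("C" * 40, "Win32/Adware.Regutility.A Anwendung",
          r"C:\Program Files (x86)\RegUtility\Regutility.exe"),
    _line("D" * 40, "Variante von Win32/Toolbar.Visicom.E evtl. unerwünschte Anwendung",
          r"C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe"),
])


def parse_eset_log(text):
    """Return (header, detections) from the text of a scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            # Header blocks repeat per phase; the last (finished) block wins.
            key, _, value = line[2:].partition("=")
            header[key] = value.strip()
        elif line.startswith("sh="):
            record = {}
            for m in FIELD_RE.finditer(line):
                record[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            detections.append(record)
    return header, detections


def is_quarantined(path):
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(text):
    """Summarise a log: completeness, live detections, duplicate content."""
    header, detections = parse_eset_log(text)
    live = [d for d in detections if not is_quarantined(d.get("fn", ""))]

    # Same hash under several paths means one binary dropped more than once.
    by_hash = defaultdict(list)
    for d in detections:
        by_hash[d.get("sh")].append(d.get("fn"))

    found = header.get("found", "")
    return {
        # A pasted log that was cut off has fewer lines than "# found=" says.
        "complete": found.isdigit() and int(found) == len(detections),
        # cleaned=0: the scanner only reported, so live files are still on disk.
        "scanner_removed_nothing": header.get("cleaned") == "0",
        "quarantined": len(detections) - len(live),
        "live": [(d["fn"], d["vn"]) for d in live],
        "same_content": {h: p for h, p in by_hash.items() if len(p) > 1},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("log complete:", result["complete"])
    print("already quarantined:", result["quarantined"])
    for path, name in result["live"]:
        print("still on disk:", path, "->", name)
```

The paths it reports as still on disk are candidates for manual review before they go into any removal list; the script itself changes nothing on the system.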

Alt 20.07.2015, 10:52   #23
Binchen16
 

here is the Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by ADMIN at 2015-07-20 11:49:15 Run:3
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2 (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\RegUtility\Regutility.exe
C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe
EmptyTemp:
         
*****************

C:\Program Files (x86)\RegUtility\Regutility.exe => moved successfully.
C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe => moved successfully.
EmptyTemp: => 80 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 11:49:19 ====
         

Alt 20.07.2015, 11:00   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) I recommend the Ghostery extension; it largely prevents user tracking and the display of ad banners.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there still other findings or problems?

Alt 20.07.2015, 11:11   #25
Binchen16
 

Hello,

the computer is behaving properly again - at least it appears so.

I have a question about this Ghostery. That is for Mozilla, after all. So far I surf 80% of the time with Explorer. Is there something comparable for it, or should I just wean myself off it??

Alt 20.07.2015, 11:51   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I would always use Firefox.

Then we're done!

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Finally, we need to take a few more steps to clean up and secure your PC.


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This completely removes Combofix and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can delete them without concern.


Securing:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 
 


In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Ghostery: detects and blocks trackers, web bugs, pixels and beacons and other scripts that spy on or observe browsing behaviour.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstalling it and then removing the leftovers with Adwcleaner is recommended.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

Alt 21.07.2015, 17:08   #27
Binchen16
 

Hello,
I was ill yesterday, so things are only continuing today.

Since I have used neither Combofix nor Defogger, I will now continue with DelFix - is that right??

Alt 21.07.2015, 18:16   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, just as it says there - "if used"
__________________
Please always post log files in CODE tags

Alt 22.07.2015, 05:21   #29
Binchen16
 

So, all done.

The PC works again. And I hope it stays that way for a long time. I will apply your tips.

Best regards
Binchen
