Pests of all kinds and how to fight them: Word and Explorer stop responding to input (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
15.10.2015, 14:12 | #1 |
| Word and Explorer stop responding to input
Hello, for some time now I have had the following problem: when I want to type or delete something in Word or in Explorer, I can't. Only after I shut the PC down and start it up again does it work again for a while. Could this be a virus? Everything works in Firefox. Regards |
15.10.2015, 14:56 | #2 |
/// the machine /// TB trainer | Word and Explorer stop responding to input
Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
15.10.2015, 20:16 | #3 |
| Word and Explorer stop responding to input
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-10-2015 durchgeführt von mel (Administrator) auf MAX (15-10-2015 21:08:39) Gestartet von C:\Users\mel\Desktop Geladene Profile: UpdatusUser & mel (Verfügbare Profile: UpdatusUser & mel) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Intel(R) Corporation) C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (TuneUp Software) C:\Users\mel\Desktop\TuneUpUtilities2014_de-DE.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUInstallHelper.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-584950875-1343600559-1796236776-1001\...\Run: [Power2GoExpress8] => NA 
HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd) HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {2e0fefc4-6791-11e5-841e-2025641469ab} - "G:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {2e0ff5a2-6791-11e5-841e-2025641469ab} - "F:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {2f460703-0ac6-11e5-83e3-2025641469ab} - "F:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {30bc08ef-678c-11e5-841d-2025641469ab} - "G:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {3fb54c2d-4cdf-11e5-83ff-2025641469ab} - "F:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {8bec76b6-5d3a-11e4-8320-0c8bfda662b9} - "F:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {8bec7754-5d3a-11e4-8320-0c8bfda662b9} - "F:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {ca3e1589-a02f-11e4-8378-2025641469ab} - "F:\AutoRun.exe" BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2D7D7085-9498-4093-AC34-2DBFD52ED2F0}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{504E0C1A-A790-427E-B99E-99BEC4D7CC87}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{C581E33F-E410-4F83-A9D0-0481B4DF653D}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{C67A933F-83E8-40E4-8630-5B61FE4CDC99}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{ED5F2D1D-1D12-41F0-8E08-22353BAC0946}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab) BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO 
Kaspersky Lab) Toolbar: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab) FireFox: ======== FF ProfilePath: C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default FF NewTab: FF DefaultSearchEngine: Bing® FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing® FF Homepage: hxxps://communicator.strato.de/ox6/ox.html# hxxps://login.yahoo.com/ about:newtab FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Extension: Bing Search - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\Extensions\bingsearch.full@microsoft.com [2015-04-28] FF Extension: WOT - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-08-18] FF Extension: Adblock Plus Pop-up Addon - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-08-18] FF Extension: NoSquint - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\Extensions\nosquint@urandom.ca.xpi [2014-07-12] FF Extension: Adblock Plus - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09] FF Extension: Adblock Edge - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-08-18] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-09-28] FF HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka 
==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-28] (Kaspersky Lab ZAO) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-28] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 
SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software) S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [937656 2015-06-30] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-28] (AO Kaspersky Lab) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [78008 2015-06-26] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO) R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.) 
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X] S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-15 21:08 - 2015-10-15 21:09 - 00019549 _____ C:\Users\mel\Desktop\FRST.txt 2015-10-15 21:08 - 2015-10-15 21:08 - 00000000 ____D C:\FRST 2015-10-15 21:07 - 2015-10-15 21:07 - 02196992 _____ (Farbar) C:\Users\mel\Desktop\FRST64.exe 2015-10-15 16:44 - 2015-10-15 20:31 - 00020252 _____ C:\Windows\WindowsUpdate.log 2015-10-15 10:37 - 2015-10-15 11:19 - 00001491 _____ C:\Windows\setupact.log 2015-10-15 10:37 - 2015-10-15 10:37 - 00000000 _____ C:\Windows\setuperr.log 2015-10-15 10:36 - 2015-10-15 10:36 - 00486520 _____ C:\Windows\system32\FNTCACHE.DAT 2015-10-15 10:29 - 2015-10-15 10:29 - 01682432 _____ C:\Users\mel\Desktop\adwcleaner_5.013.exe 2015-10-15 09:38 - 2015-10-15 09:38 - 28598072 _____ (TuneUp Software) C:\Users\mel\Desktop\TuneUpUtilities2014_de-DE.exe 2015-10-15 09:37 - 2015-10-15 09:48 - 00000000 ____D C:\Users\mel\AppData\Roaming\Opera Software 2015-10-15 09:37 - 2015-10-15 09:48 - 00000000 ____D C:\Users\mel\AppData\Local\Opera Software 2015-10-15 09:37 - 2015-10-15 09:48 - 00000000 ____D C:\Program Files (x86)\Opera 2015-10-15 09:36 - 2015-10-15 09:36 - 00541848 _____ C:\Users\mel\Desktop\TuneUpUtilities2014_de-DE_CB-DL-Manager.exe 2015-10-15 08:45 - 2015-10-15 08:45 - 00000000 ____D C:\Users\mel\AppData\Roaming\dlg 2015-10-15 08:43 - 2015-10-15 08:43 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2015-10-15 08:41 - 2015-10-15 09:53 - 00002904 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini 2015-10-15 08:41 - 2015-10-15 09:53 - 00002904 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini 2015-10-15 08:40 - 2015-10-15 08:40 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-10-15 08:40 - 2015-10-15 08:40 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-10-15 07:02 - 2015-10-15 07:02 - 08776392 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-10-14 13:23 - 2015-08-06 19:05 - 00669184 _____ (Microsoft 
Corporation) C:\Windows\system32\hhctrl.ocx 2015-10-14 13:23 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx 2015-10-14 13:19 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-10-14 13:19 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-10-14 13:19 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-10-14 13:19 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-10-14 13:19 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-10-14 13:19 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-10-14 13:19 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00014176 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 13:18 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 13:11 - 2015-09-29 14:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-10-14 13:11 - 2015-09-29 14:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-14 13:11 - 2015-09-29 14:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-10-14 13:11 - 2015-09-29 14:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-14 13:11 - 2015-09-29 14:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-10-14 13:11 - 2015-09-24 18:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2015-10-14 13:11 - 2015-09-24 18:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2015-10-14 13:11 - 2015-09-10 20:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-14 13:11 - 
2015-09-10 19:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-14 13:11 - 2015-08-27 04:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-14 13:11 - 2015-08-27 04:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-14 13:11 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-10-14 13:11 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-10-14 13:10 - 2015-09-29 14:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-14 13:10 - 2015-09-28 20:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-14 13:10 - 2015-09-28 20:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-10-14 13:10 - 2015-09-28 20:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-14 13:10 - 2015-09-28 20:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-14 13:10 - 2015-09-28 20:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-14 13:10 - 2015-09-28 20:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-14 13:10 - 2015-09-28 20:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-14 13:10 - 2015-09-28 20:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-14 13:10 - 2015-09-28 20:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-14 13:10 - 2015-09-28 20:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-14 13:10 - 2015-09-28 20:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-10-14 13:10 - 2015-09-10 19:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 13:10 - 2015-09-10 19:18 - 02886656 _____ 
(Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 13:10 - 2015-09-10 19:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-14 13:10 - 2015-09-10 19:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 13:10 - 2015-09-10 19:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 13:10 - 2015-09-10 19:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 13:10 - 2015-09-10 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 13:10 - 2015-09-10 18:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-14 13:10 - 2015-09-10 18:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 13:10 - 2015-09-10 18:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-10-14 13:10 - 2015-09-10 18:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 13:10 - 2015-09-10 18:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-14 13:10 - 2015-09-10 18:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-10-14 13:10 - 2015-09-10 18:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-14 13:10 - 2015-09-10 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-14 13:10 - 2015-09-10 18:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 13:10 - 2015-09-10 18:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-14 13:10 - 2015-09-10 18:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 13:10 - 2015-09-10 18:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 13:10 - 2015-09-10 18:19 - 00374784 _____ (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2015-10-14 13:10 - 2015-09-10 18:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 13:10 - 2015-09-10 18:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-10-14 13:10 - 2015-09-10 18:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-14 13:10 - 2015-09-10 18:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-14 13:10 - 2015-09-10 18:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-14 13:10 - 2015-09-10 18:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-10-14 13:10 - 2015-09-10 18:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-14 13:10 - 2015-09-10 17:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 13:10 - 2015-09-10 17:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-10-14 13:10 - 2015-09-10 17:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-14 13:10 - 2015-09-10 17:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-14 13:10 - 2015-09-10 17:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-10-14 13:10 - 2015-09-10 17:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 13:10 - 2015-09-10 17:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-14 13:10 - 2015-09-10 17:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-14 13:10 - 2015-09-10 17:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-14 13:10 - 2015-09-10 17:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-10-05 18:30 - 2015-10-05 18:30 - 00000990 _____ C:\Users\mel\Desktop\wulf -Externe-festplatte - 
Verknüpfung.lnk 2015-10-04 11:12 - 2015-10-04 11:15 - 00000000 ____D C:\Users\mel\Documents\Fax 2015-10-02 21:23 - 2015-10-03 01:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-29 17:32 - 2015-09-29 17:34 - 00000000 ____D C:\Users\mel\Desktop\bilder 2015-09-28 09:16 - 2015-09-28 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-09-28 09:12 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2015-09-28 09:12 - 2015-06-30 01:05 - 00937656 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-09-28 09:12 - 2015-06-30 01:05 - 00171192 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-09-27 10:13 - 2015-09-28 16:07 - 00000000 ____D C:\Users\mel\AppData\Roaming\unav 2015-09-27 10:13 - 2015-09-27 10:13 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UNAV 2015-09-27 10:13 - 2015-09-27 10:13 - 00000000 ____D C:\Program Files (x86)\UNAV 2015-09-27 00:26 - 2015-10-15 14:46 - 00000000 ____D C:\Users\mel\Desktop\alles ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-10-15 21:07 - 2014-07-09 13:32 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0E2EEF3-06A2-4B4A-AD68-D8AA0370F1BD} 2015-10-15 21:02 - 2014-07-12 20:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-15 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-10-15 20:03 - 2013-11-15 17:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-10-15 17:50 - 2014-07-11 19:09 - 07937024 ___SH C:\Users\mel\Desktop\Thumbs.db 2015-10-15 16:44 - 2014-07-09 13:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-584950875-1343600559-1796236776-1002 2015-10-15 14:58 - 2013-09-12 13:28 - 00766620 _____ C:\Windows\system32\perfh007.dat 2015-10-15 14:58 - 2013-09-12 13:28 - 00159902 _____ C:\Windows\system32\perfc007.dat 2015-10-15 14:58 - 2013-09-12 13:00 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-15 11:25 - 2014-07-09 13:26 - 00000000 ___DO C:\Users\mel\SkyDrive 2015-10-15 11:19 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-15 10:41 - 2015-09-14 18:42 - 00000000 ____D C:\AdwCleaner 2015-10-15 10:23 - 2014-07-09 22:02 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-10-15 10:06 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-10-15 09:52 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-10-15 08:43 - 2015-01-25 11:05 - 00000000 ____D C:\Program Files\paint.net 2015-10-15 07:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2015-10-15 07:35 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-10-15 07:30 - 2014-07-16 18:38 - 00000000 ____D C:\Windows\system32\MRT 2015-10-15 07:20 - 2013-11-15 17:01 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-15 07:02 - 2014-07-12 20:41 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-14 10:16 - 2015-04-17 11:13 - 00000000 ___RD C:\Users\mel\kai 2015-10-13 20:40 - 
2014-07-09 13:22 - 00000000 ____D C:\Users\mel\AppData\Local\VirtualStore 2015-10-11 22:17 - 2014-07-09 13:20 - 00000000 ____D C:\Users\mel 2015-10-09 00:24 - 2015-04-28 18:55 - 00000000 ____D C:\Users\mel\AppData\Roaming\Skype 2015-10-09 00:06 - 2015-01-12 01:03 - 00000000 ____D C:\Users\mel\AppData\Local\ManyCam 2015-10-08 20:12 - 2014-11-24 21:25 - 00000000 ____D C:\Users\mel\Documents\FinePrint-Dateien 2015-10-08 18:37 - 2015-04-04 19:07 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-07 21:26 - 2015-04-04 19:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-10-05 16:51 - 2014-08-07 23:15 - 00013312 _____ C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-10-04 11:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-10-03 10:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-10-03 01:52 - 2014-07-09 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-02 16:24 - 2014-12-10 21:51 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-02 16:24 - 2014-12-10 21:51 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-02 12:48 - 2015-05-26 19:17 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-09-28 10:07 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys 2015-09-28 09:58 - 2015-09-01 20:10 - 00000000 ____D C:\ProgramData\Avira 2015-09-28 09:58 - 2013-11-26 15:59 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-28 09:19 - 2014-07-19 13:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2015-09-28 09:16 - 2014-07-19 14:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2015-09-26 22:49 - 2015-08-15 12:42 - 00000000 ____D C:\Program Files (x86)\Rainlendar2 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-07 23:15 - 2015-10-05 16:51 - 0013312 _____ () 
C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-18 12:28 - 2014-09-30 19:40 - 0004096 ____H () C:\Users\mel\AppData\Local\keyfile3.drm 2013-11-26 15:54 - 2013-11-26 15:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-11-13 17:08 - 2013-11-13 17:09 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log 2013-11-13 17:09 - 2013-11-13 17:10 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-11-13 17:04 - 2013-11-13 17:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-11-13 17:02 - 2013-11-13 17:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-11-13 17:07 - 2013-11-13 17:08 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log 2013-11-13 17:02 - 2013-11-13 17:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log 2013-11-13 17:06 - 2013-11-13 17:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log Einige Dateien in TEMP: ==================== C:\Users\mel\AppData\Local\Temp\res.dll C:\Users\mel\AppData\Local\Temp\secureup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-11 08:45

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-10-2015
durchgeführt von mel (2015-10-15 21:10:04)
Gestartet von C:\Users\mel\Desktop
Windows 8.1 (X64) (2014-07-09 11:21:22)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-584950875-1343600559-1796236776-500 - Administrator - Disabled)
Gast (S-1-5-21-584950875-1343600559-1796236776-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-584950875-1343600559-1796236776-1004 - Limited - Enabled)
mel (S-1-5-21-584950875-1343600559-1796236776-1002 - Administrator - Enabled) => C:\Users\mel
UpdatusUser (S-1-5-21-584950875-1343600559-1796236776-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co.
KG) Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: - Canon Inc.) Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc) FinePrint (HKLM\...\FinePrint) (Version: 8.11 - FinePrint Software, LLC) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.) Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) 
(Version: 16.6.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.08.00 - Huawei Technologies Co.,Ltd) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) 
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation) NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation) paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
sv.net (HKLM-x32\...\sv.net) (Version: 15.1 - ITSG GmbH) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.324 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-584950875-1343600559-1796236776-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= 29-09-2015 17:55:54 Geplanter Prüfpunkt 07-10-2015 21:25:24 Windows Update 08-10-2015 20:43:45 Wiederherstellungsvorgang 15-10-2015 07:12:31 Windows Update 15-10-2015 09:44:52 Driver Reviver (15/10/2015 09:44) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0203F563-4605-48CE-AFA0-C8C0D073E83A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {04BAC4EB-EDC5-4784-A783-2953F5146DC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-15] (Adobe Systems Incorporated) Task: {04C291C9-4D89-415F-9B2B-970A20080608} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {824F99CF-F08F-436A-AA1C-804580FADBAA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {B4F674EE-364A-45AC-813F-EF0514518F3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {C5B2A2F1-8535-4DF9-BD99-0B58063B8511} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-06-16] (TuneUp Software) Task: {D894E091-F2ED-4D4A-9AE5-3D901F2D193D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {DEA439DD-C8EB-408C-BF21-74E83B6984F3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-15] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-10-28 04:02 - 2013-10-28 04:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2014-05-21 00:33 - 2015-08-09 04:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe 2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll 2014-09-18 18:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-09-18 18:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-09-18 18:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-09-18 18:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-09-18 18:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-11-15 17:39 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-06-16 13:09 - 2014-06-16 13:09 - 00611128 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUKernel.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00152888 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBasic.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00820024 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MainControls.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00119096 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUTransl.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00129336 _____ () C:\Program Files (x86)\TuneUp Utilities 
2014\SchedAgent_2007.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00278840 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\AppInitialization.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00493368 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Html.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00449848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\GR32_D6.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00335672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUCompression.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ntrtl60.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\DEC.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00210744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\XMLComponents.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00470328 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysInfo.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00069944 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxGDIPlusD12.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00044856 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxCoreD12.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00154424 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cefcomponent.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00144184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00076600 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShell.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00423224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VisControls.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00215864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ProgramRating.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00047928 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApplications.bpl 2014-06-16 13:11 - 2014-06-16 13:11 - 00140088 _____ () C:\Program Files (x86)\TuneUp Utilities 
2014\CommonForms.bpl 2014-06-16 13:11 - 2014-06-16 13:11 - 00458040 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PowerManager.bpl 2014-06-16 13:11 - 2014-06-16 13:11 - 00632632 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDiskCleanerClass.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00161080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PerlRegEx.bpl 2014-06-16 13:09 - 2014-06-16 13:09 - 00033080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBase.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShredder.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00656184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MSI_D6.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00068408 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysControls.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 01145144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarD12.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00852280 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cxLibraryD12.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00055608 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxThemeD12.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00609080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VirtualTreesR.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00092984 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApps.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00489272 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Traces.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00083256 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUOperaClass.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUSafariClass.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00065848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIECacheClass.bpl 2014-06-16 13:10 - 2014-06-16 13:10 - 00016184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxComnD12.bpl 
2014-06-16 13:09 - 2014-06-16 13:09 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TURar.bpl 2014-06-16 13:14 - 2014-06-16 13:14 - 00585528 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgreplibx.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\mel\SkyDrive:ms-properties ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\webcompanion.com -> hxxp://webcompanion.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-584950875-1343600559-1796236776-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "CanonMyPrinter" HKLM\...\StartupApproved\Run: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run: => "IntelliPoint" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "YouCam Service" HKLM\...\StartupApproved\Run32: => "BTMTrayAgent" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "Nvtmru" HKLM\...\StartupApproved\Run32: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "AppLauncher" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Mobile Partner" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "!DefaultSetup" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6AE7B4B4-D8EC-4095-9EDE-1D0407493CB4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{77936D80-6A89-494F-A543-3C0D774614C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8C8323B7-A320-497D-AA70-C0FD492FAAC6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{7C57A8A5-6887-4930-B692-5BDA66AD2CE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{BC1581EF-EB52-4DB3-806D-6AB1A096F9F0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B090FAC3-34CA-4D99-8374-176423707E40}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BD8567CD-18AF-4F3B-9890-47FAD209DC7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AD3D86C8-9D08-4282-B600-06D66D58F91E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B1D6920A-FDB1-460D-8785-F074E9A97829}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C60FF39-F4AA-45AB-8D65-47390638EE55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97D0BC8D-D025-4BD4-B9AB-97DA6D31A164}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A9BFB1E9-D569-44EA-AF31-55A7547AA540}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E049A2E-B2DF-4709-AD14-6F2ED864A133}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{25A0087E-A324-4CD1-B43C-A00645ACB95D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E3E15ABE-7E25-46C3-B74C-A8ECEFE11768}] => (Allow) LPort=2869
FirewallRules: [{DDAFEAA6-701A-4EF4-85AC-03714C95D7AB}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{1924D0C4-B7FE-4BBD-B224-ED70D683CBF1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2473D294-E314-4539-B98E-BE5D7954EDA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============
Name: ManyCam Virtual Microphone
Description: ManyCam Virtual Microphone
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Visicom Media Inc.
Service: mcaudrv_simple
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/15/2015 04:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TUInstallHelper.exe, Version: 14.0.1000.324, Zeitstempel: 0x539ed118
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bc8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008713d
ID des fehlerhaften Prozesses: 0x1dd8
Startzeit der fehlerhaften Anwendung: 0xTUInstallHelper.exe0
Pfad der fehlerhaften Anwendung: TUInstallHelper.exe1
Pfad des fehlerhaften Moduls: TUInstallHelper.exe2
Berichtskennung: TUInstallHelper.exe3
Vollständiger Name des fehlerhaften Pakets: TUInstallHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TUInstallHelper.exe5

Error: (10/15/2015 03:20:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avpui.exe, Version 16.0.0.625 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 660
Startzeit: 01d1072b56138094
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
Berichts-ID: 44cfe640-733f-11e5-8437-2025641469ab
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/15/2015 11:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 14.0.1000.324, Zeitstempel: 0x539ed142
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c16b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f1280
ID des fehlerhaften Prozesses: 0xd80
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2
Berichtskennung: TuneUpUtilitiesService64.exe3
Vollständiger Name des fehlerhaften Pakets: TuneUpUtilitiesService64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TuneUpUtilitiesService64.exe5

Error: (10/15/2015 10:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TUInstallHelper.exe, Version: 14.0.1000.324, Zeitstempel: 0x539ed118
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bc8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008713d
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xTUInstallHelper.exe0
Pfad der fehlerhaften Anwendung: TUInstallHelper.exe1
Pfad des fehlerhaften Moduls: TUInstallHelper.exe2
Berichtskennung: TUInstallHelper.exe3
Vollständiger Name des fehlerhaften Pakets: TUInstallHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TUInstallHelper.exe5

Error: (10/15/2015 10:39:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 14.0.1000.324, Zeitstempel: 0x539ed142
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c16b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f1280
ID des fehlerhaften Prozesses: 0xd88
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2
Berichtskennung: TuneUpUtilitiesService64.exe3
Vollständiger Name des fehlerhaften Pakets: TuneUpUtilitiesService64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TuneUpUtilitiesService64.exe5

Error: (10/15/2015 10:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 14.0.1000.324, Zeitstempel: 0x539ed142
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c16b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f1280
ID des fehlerhaften Prozesses: 0xdf8
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2
Berichtskennung: TuneUpUtilitiesService64.exe3
Vollständiger Name des fehlerhaften Pakets: TuneUpUtilitiesService64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TuneUpUtilitiesService64.exe5

Error: (10/15/2015 10:24:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TUInstallHelper.exe, Version: 14.0.1000.324, Zeitstempel: 0x539ed118
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bc8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008713d
ID des fehlerhaften Prozesses: 0x98c
Startzeit der fehlerhaften Anwendung: 0xTUInstallHelper.exe0
Pfad der fehlerhaften Anwendung: TUInstallHelper.exe1
Pfad des fehlerhaften Moduls: TUInstallHelper.exe2
Berichtskennung: TUInstallHelper.exe3
Vollständiger Name des fehlerhaften Pakets: TUInstallHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TUInstallHelper.exe5

Systemfehler:
=============
Error: (10/15/2015 07:32:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LEASPC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2D7D7085-9498-4093-AC34-2DBFD52ED2F0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/15/2015 05:47:17 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/15/2015 05:47:17 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/15/2015 05:47:17 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/15/2015 05:47:17 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/15/2015 05:47:17 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/15/2015 05:47:17 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/15/2015 11:20:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/15/2015 11:17:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (10/15/2015 11:17:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll

==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 8100.68 MB
Verfügbarer physikalischer RAM: 4872.64 MB
Summe virtueller Speicher: 9380.68 MB
Verfügbarer virtueller Speicher: 5794.78 MB

==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:511.71 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.07 GB) NTFS

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F2E9FFFD)
Partition: GPT.

==================== Ende von Addition.txt ============================

and what can one see from this now |
16.10.2015, 19:16 | #4 |
/// the machine /// TB Trainer | That at first glance it is not caused by malware.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.10.2015, 20:22 | #5 |
| Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18053
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8494178304, free: 6059188224
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18053
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8494178304, free: 6037094400
Downloaded database version: v2015.10.17.04
Downloaded database version: v2015.10.16.01
Downloaded database version: v2015.10.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
10/17/2015 19:32:40
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.10.17.04
rootkit: v2015.10.16.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000b1f7c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000b1f7cb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000b1f7c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000af7f4c60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000af7f4060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
"C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... 
Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: F2E9FFFD GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2724766353 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid b74ebf6c-9042-4f92-aa69-e112931c29be GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2724766353 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid b74ebf6c-9042-4f92-aa69-e112931c29be Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 389581e1-d835-4aa9-8ce9-c514391c7d65 FirstLBA 2048 Last LBA 1023999 Attributes 0 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID a4090d79-aaa5-4089-8fb7-52b06b75caba FirstLBA 1024000 Last LBA 1228799 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID e21738f1-7b77-4d98-85f3-1de579aa0b7 FirstLBA 1228800 Last LBA 1490943 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type 8d7f0cc6-879e-47f6-a767-ed8fd3b659 Partition ID b2121636-3377-4d0e-afd4-df94d773988 FirstLBA 
1490944 Last LBA 3588095 Attributes 1 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4a19f411-df55-4095-8dff-78f348af978 FirstLBA 3588096 Last LBA 1827692543 Attributes 0 Partition Name Basic data partition Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 17c99bb3-1bd0-42b3-a05f-cbafdf29d7b FirstLBA 1827692544 Last LBA 1953513471 Attributes 0 Partition Name Basic data partition Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffe000b8ab8770, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000bc09a040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000b8ab8770, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000b8b210e0, DeviceName: \Device\0000012f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 2, DevicePointer: 0xffffe000ba9fe060, DeviceName: \Device\Harddisk2\DR8\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000b8d9e880, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000ba9fe060, DeviceName: \Device\Harddisk2\DR8\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000bae471f0, DeviceName: \Device\00000133\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR8\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1FF51C96 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File 
"C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1) ======================================= File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1) File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1) File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1) File "C:\Windows\System32\streamci.dll" is compressed (flags = 1) File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1) File "C:\Windows\System32\WMALFXGFXDSP.dll" is compressed (flags = 1) File "C:\Windows\System32\WpdMtp.dll" is 
compressed (flags = 1) File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removal finished |
18.10.2015, 06:54 | #6 |
/// the machine /// TB-Ausbilder | Word and Explorer no longer respond to input Please run Windows Repair: Repairing Windows - how it's done - guides
__________________ --> Word and Explorer no longer respond to input |
09.12.2015, 14:39 | #7 |
| Word and Explorer no longer respond to input Hello, I have now observed the whole thing for a while, and it really does work better. Only when the PC switches to sleep mode and I want to enter the password again, I first have to click on log in, then go back and enter the password, and then it works. Regards, Kai |
10.12.2015, 12:13 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Word and Explorer no longer respond to input Hi, I am taking over for schrauber. Then show me fresh FRST logs. Tick the box for addition.txt, then click "Untersuchen" (Scan). Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
11.12.2015, 17:29 | #9 |
| Word and Explorer no longer respond to input FRST logs, what is that? |
11.12.2015, 23:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Word and Explorer no longer respond to input You're not trying to pull my leg now, are you? schrauber already assigned FRST to you almost two months ago.
__________________ Please always post log files in CODE tags |
12.12.2015, 11:18 | #11 |
| Word and Explorer no longer respond to input to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit Is that what you mean? Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015 durchgeführt von mel (Administrator) auf MAX (12-12-2015 11:12:16) Gestartet von C:\Users\mel\Desktop Geladene Profile: mel (Verfügbare Profile: UpdatusUser & mel) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {8bec7754-5d3a-11e4-8320-0c8bfda662b9} - "F:\AutoRun.exe" BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-30] (Lavasoft Limited) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-30] (Lavasoft Limited) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-30] (Lavasoft Limited) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-30] (Lavasoft Limited) Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-30] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-30] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-30] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-30] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-30] (Lavasoft Limited) Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-30] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0d0e76c8-2e8a-44b8-82c7-6b4e6d257ecf}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2d7d7085-9498-4093-ac34-2dbfd52ed2f0}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{504e0c1a-a790-427e-b99e-99bec4d7cc87}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{c581e33f-e410-4f83-a9d0-0481b4df653d}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet 
Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-584950875-1343600559-1796236776-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-584950875-1343600559-1796236776-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D113015-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms} SearchScopes: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D113015-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms} BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) Toolbar: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) FireFox: ======== FF ProfilePath: 
C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277 FF DefaultSearchEngine: DuckDuckGo FF Homepage: hxxps://communicator.strato.de/ox6/ox.html# hxxps://login.yahoo.com/?.src=ym&.intl=de&.lang=de-DE&.done=https%3a//mail.yahoo.com about:newtab FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF user.js: detected! 
=> C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277\user.js [2015-12-10] FF Extension: BetterPrivacy - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-29] FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-02] FF Extension: Adblock Plus - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox FF HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-28] (Kaspersky Lab ZAO) S4 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) S4 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [363432 2015-10-06] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-11-30] (Lavasoft Limited) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-28] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-11-30] ()
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [123640 2015-08-30] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-28] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-20] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-12 11:12 - 2015-12-12 11:13 - 00017136 _____ C:\Users\mel\Desktop\FRST.txt
2015-12-12 11:11 - 2015-12-12 11:12 - 02369024 _____ (Farbar) C:\Users\mel\Desktop\FRST64.exe
2015-12-12 11:05 - 2015-12-12 11:05 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-12 11:04 - 2015-12-12 11:04 - 00343472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 11:50 - 2015-12-11 11:50 - 00863631 _____ C:\Users\mel\Desktop\n.mp4
2015-12-11 11:48 - 2015-12-11 11:48 - 00066621 _____ C:\Users\mel\Desktop\Mein Film.mp4
2015-12-11 11:45 - 2015-12-11 11:52 - 00002687 _____ C:\Users\mel\Desktop\Mein Film.wlmp
2015-12-11 11:06 - 2015-12-08 10:53 - 19987776 _____ C:\Users\mel\Desktop\MVI_9740.AVI
2015-12-11 11:05 - 2015-12-11 11:07 - 00000000 ____D C:\Users\mel\Desktop\bilder
2015-12-10 09:33 - 2015-12-10 10:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-10 09:33 - 2015-12-10 09:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-10 09:33 - 2015-12-10 09:33 - 00001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-12-10 09:33 - 2015-12-10 09:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-12-10 09:33 - 2015-12-10 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-10 09:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-12-09 22:02 - 2015-12-09 22:02 - 09498816 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-12-06 11:58 - 2015-12-06 12:00 - 00282106 _____ C:\TDSSKiller.3.1.0.7_06.12.2015_11.58.18_log.txt
2015-12-06 11:58 - 2015-12-06 11:58 - 00000434 _____ C:\TDSSKiller.3.1.0.5_06.12.2015_11.58.08_log.txt
2015-12-06 09:35 - 2015-12-06 09:35 - 00001120 _____ C:\Users\mel\Desktop\kai - Verknüpfung.lnk
2015-12-03 09:27 - 2015-12-03 09:27 - 00008436 _____ C:\Users\mel\Documents\cc_20151203_092729.reg
2015-12-03 08:25 - 2015-08-21 20:18 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-12-03 08:19 - 2015-12-03 08:19 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-12-02 13:01 - 2015-12-02 13:01 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-12-02 07:15 - 2015-12-02 07:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-01 19:56 - 2015-12-01 19:56 - 00033608 _____ C:\Users\mel\Documents\cc_20151201_195650.reg
2015-11-30 22:23 - 2015-11-30 22:23 - 00001583 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2015).lnk
2015-11-30 22:23 - 2015-11-30 22:23 - 00001347 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2015.lnk
2015-11-30 22:15 - 2015-11-30 22:17 - 00008144 _____ C:\TDSSKiller.3.1.0.7_30.11.2015_22.15.11_log.txt
2015-11-30 22:14 - 2015-11-30 22:14 - 00000434 _____ C:\TDSSKiller.3.1.0.5_30.11.2015_22.14.04_log.txt
2015-11-30 20:33 - 2015-12-10 10:11 - 00000000 ____D C:\Users\mel\AppData\Roaming\Uniblue
2015-11-30 20:33 - 2015-11-30 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-11-30 20:33 - 2015-11-30 20:33 - 00000000 ____D C:\Program Files (x86)\Uniblue
2015-11-30 19:08 - 2015-12-01 21:33 - 00000000 ____D C:\ProgramData\Avg
2015-11-30 19:08 - 2015-11-30 22:11 - 00000000 ____D C:\Users\mel\AppData\Local\AvgSetupLog
2015-11-30 19:08 - 2015-11-30 19:08 - 00000000 ____D C:\Users\mel\AppData\Local\Avg
2015-11-30 19:05 - 2015-11-30 19:05 - 00000000 ____D C:\Users\mel\AppData\Local\NetworkTiles
2015-11-30 18:55 - 2015-12-03 08:31 - 00002162 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-11-30 18:55 - 2015-11-30 18:55 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-30 18:55 - 2015-11-30 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-30 18:55 - 2015-11-30 18:55 - 00000000 ____D C:\Program Files\CCleaner
2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\Users\mel\AppData\Roaming\Lavasoft
2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\Users\mel\AppData\Local\Lavasoft
2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-11-30 18:53 - 2015-11-30 18:58 - 00002812 _____ C:\WINDOWS\System32\Tasks\Browsing Secure Updater
2015-11-30 18:53 - 2015-11-30 18:53 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-30 18:53 - 2015-11-30 18:53 - 00000000 ____D C:\Program Files (x86)\Browsing Secure
2015-11-30 18:44 - 2015-11-30 18:44 - 00000000 ____D C:\Users\mel\AppData\Local\MicrosoftEdge
2015-11-30 18:23 - 2015-11-30 18:23 - 00002385 _____ C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-30 18:23 - 2015-11-30 18:23 - 00000000 ___RD C:\Users\mel\OneDrive
2015-11-30 18:23 - 2015-11-30 18:23 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-30 18:21 - 2015-11-30 18:21 - 00000000 ____D C:\Users\mel\AppData\Local\ActiveSync
2015-11-30 18:20 - 2015-11-30 18:20 - 00000000 ____D C:\Users\mel\AppData\Local\Publishers
2015-11-30 18:19 - 2015-11-30 18:19 - 00000000 ____D C:\Users\mel\AppData\Local\Comms
2015-11-30 18:19 - 2015-11-30 18:19 - 00000000 ____D C:\ProgramData\USOShared
2015-11-30 18:18 - 2015-11-30 18:18 - 00000020 ___SH C:\Users\mel\ntuser.ini
2015-11-30 18:18 - 2015-11-30 18:18 - 00000000 ____D C:\Users\mel\AppData\Local\TileDataLayer
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Programme
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Dokumente und Einstellungen
2015-11-30 14:41 - 2015-11-30 14:41 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-30 14:40 - 2015-12-12 11:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 14:30 - 2015-12-12 11:09 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 14:21 - 2015-11-30 14:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-30 14:15 - 2015-11-30 14:15 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-30 14:12 - 2015-12-09 22:21 - 00000000 ____D C:\Users\mel
2015-11-30 14:12 - 2015-11-30 14:31 - 00000000 ____D C:\Users\UpdatusUser
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Videos
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Vorlagen
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Startmenü
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Netzwerkumgebung
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Lokale Einstellungen
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Eigene Dateien
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Druckumgebung
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Documents\Eigene Videos
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Documents\Eigene Musik
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Documents\Eigene Bilder
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\AppData\Local\Verlauf
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\AppData\Local\Anwendungsdaten
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Anwendungsdaten
2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____D C:\Program Files\Realtek
2015-11-30 14:08 - 2015-11-30 14:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-11-30 14:07 - 2015-11-30 14:07 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-11-30 14:06 - 2015-11-30 14:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-30 14:06 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-30 14:03 - 2015-11-30 18:56 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 13:59 - 2015-12-01 17:52 - 00000000 ____D C:\Windows.old
2015-11-30 13:58 - 2015-11-30 13:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files\MSBuild
2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-30 13:55 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-30 13:55 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-30 13:55 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-30 13:55 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-30 13:55 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-30 13:55 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-30 12:44 - 2015-11-30 14:44 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2015-11-30 12:44 - 2015-11-30 14:44 - 00013338 _____ C:\WINDOWS\diagerr.xml
2015-11-27 11:44 - 2015-11-27 11:44 - 00222377 _____ C:\Users\mel\Documents\farbkarte_2009.pdf
2015-11-26 17:01 - 2015-11-26 17:01 - 00187713 _____ C:\Users\mel\Documents\207454_Wulf.pdf
2015-11-22 12:34 - 2015-11-22 12:34 - 00006741 _____ C:\Users\mel\Documents\höger abmeldung.pdf
2015-11-20 13:55 - 2015-11-20 13:55 - 04241007 _____ C:\Users\mel\Documents\sunparadise VG_17-1.pdf
2015-11-20 13:21 - 2015-11-30 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-11-20 13:21 - 2015-11-20 13:21 - 00000000 ____D C:\Program Files\DIFX
2015-11-20 13:20 - 2015-11-20 13:21 - 00000000 ____D C:\Users\mel\AppData\Roaming\Garmin
2015-11-20 13:20 - 2015-11-20 13:21 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-18 22:41 - 2015-11-18 22:41 - 00225429 _____ C:\Users\mel\Documents\Verlegeprofile-fuer-VSG-Glas-80-mm.pdf
2015-11-18 22:40 - 2015-11-18 22:40 - 00241377 _____ C:\Users\mel\Documents\Wintergartenprofile_isolierglas_80mm.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-12 11:12 - 2015-10-15 20:08 - 00000000 ____D C:\FRST
2015-12-12 11:09 - 2015-10-30 19:35 - 00777804 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-12 11:09 - 2015-10-30 19:35 - 00156080 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-12 11:09 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-12 11:06 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2015-12-12 11:05 - 2014-08-17 08:10 - 00000000 __SHD C:\Users\mel\IntelGraphicsProfiles
2015-12-12 11:05 - 2013-11-15 16:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-12 11:03 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 11:02 - 2014-07-12 19:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-12 08:56 - 2014-07-09 12:32 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E0E2EEF3-06A2-4B4A-AD68-D8AA0370F1BD}
2015-12-11 16:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-11 11:58 - 2014-11-24 20:25 - 00000000 ____D C:\Users\mel\Documents\FinePrint-Dateien
2015-12-11 11:40 - 2014-08-07 22:15 - 00014336 _____ C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-10 21:07 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-10 14:14 - 2014-07-09 12:22 - 00000000 ____D C:\Users\mel\AppData\Local\Packages
2015-12-10 11:21 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-10 09:49 - 2015-10-20 11:39 - 00000000 ____D C:\Users\mel\Desktop\viren
2015-12-09 22:02 - 2014-07-12 19:41 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-08 09:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-07 18:42 - 2015-09-26 23:26 - 00000000 ____D C:\Users\mel\Desktop\alles
2015-12-06 12:31 - 2015-10-17 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-06 11:59 - 2015-10-17 18:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 11:58 - 2015-10-17 18:31 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-06 09:36 - 2015-04-17 10:13 - 00000000 ___RD C:\Users\mel\kai
2015-12-02 17:50 - 2015-05-26 18:17 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-02 14:06 - 2014-10-27 08:08 - 01490944 _____ C:\WINDOWS\system32\wdfcoinstaller01007.dll
2015-11-30 22:47 - 2013-11-13 15:56 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-11-30 22:46 - 2015-01-04 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-11-30 22:23 - 2013-11-13 15:58 - 00000000 ____D C:\ProgramData\ashampoo
2015-11-30 20:49 - 2015-10-15 07:41 - 00002904 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-11-30 20:49 - 2015-10-15 07:41 - 00002904 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-11-30 19:21 - 2014-07-09 12:26 - 00000000 __RDO C:\Users\mel\SkyDrive
2015-11-30 19:08 - 2014-07-18 11:41 - 00000974 _____ C:\Users\mel\Desktop\RegCleaner.lnk
2015-11-30 18:54 - 2015-10-15 07:40 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-11-30 18:54 - 2015-10-15 07:40 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-11-30 18:37 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-30 18:18 - 2014-07-09 14:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-30 14:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-11-30 14:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-30 14:45 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2015-11-30 14:44 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-30 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-11-30 14:41 - 2015-01-20 18:33 - 00002076 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
2015-11-30 14:41 - 2014-10-07 19:37 - 00001846 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-11-30 14:41 - 2014-07-09 14:12 - 00002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-584950875-1343600559-1796236776-500
2015-11-30 14:41 - 2014-07-09 12:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-584950875-1343600559-1796236776-1002
2015-11-30 14:32 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2015-11-30 14:32 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-30 14:30 - 2013-11-15 16:34 - 01829522 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-11-30 14:24 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-30 14:24 - 2015-09-28 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-11-30 14:24 - 2015-09-27 09:13 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UNAV
2015-11-30 14:24 - 2015-09-10 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2015-11-30 14:24 - 2015-05-26 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7100 series Manual
2015-11-30 14:24 - 2015-05-26 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7100 series Benutzerregistrierung
2015-11-30 14:24 - 2015-04-28 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-30 14:24 - 2015-03-04 09:22 - 00000000 ____D C:\WINDOWS\de
2015-11-30 14:24 - 2015-01-20 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
2015-11-30 14:24 - 2015-01-05 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2015-11-30 14:24 - 2015-01-04 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-11-30 14:24 - 2014-12-04 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2015-11-30 14:24 - 2014-11-14 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-11-30 14:24 - 2014-11-09 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-11-30 14:24 - 2014-08-20 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-30 14:24 - 2014-08-10 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-30 14:24 - 2014-07-23 18:18 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-11-30 14:24 - 2014-07-18 11:46 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FinePrint
2015-11-30 14:24 - 2014-07-16 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-30 14:24 - 2014-07-09 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-30 14:24 - 2013-11-26 14:54 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-11-30 14:24 - 2013-11-26 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-30 14:24 - 2013-11-15 16:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-30 14:24 - 2013-11-13 16:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2015-11-30 14:24 - 2013-09-20 11:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\tr
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\sv
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\sl
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\pl
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\nl
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\it
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\hu
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\fr
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\fi
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\es
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\el
2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\da
2015-11-30 14:24 - 2013-08-22 21:57 - 00000000 ____D C:\WINDOWS\en-GB
2015-11-30 14:21 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated
2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-11-30 14:18 - 2014-07-20 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\%Report%
2015-11-30 14:18 - 2013-11-15 17:10 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-11-30 14:18 - 2013-11-15 17:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-30 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-11-30 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-11-30 14:16 - 2015-10-30 19:44 - 00000000 ____D C:\WINDOWS\ShellNew
2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2015-11-30 14:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-11-30 14:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 14:15 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-30 14:15 - 2015-05-26 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-11-30 14:15 - 2015-03-30 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-11-30 14:15 - 2013-11-26 14:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-30 14:15 - 2013-11-15 16:34 - 00000000 ____D C:\Program Files\Intel
2015-11-30 14:15 - 2013-11-15 16:24 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-30 14:11 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-30 14:04 - 2015-10-30 19:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-30 14:03 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-30 13:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-11-30 13:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-11-30 12:44 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-30 08:51 - 2014-07-11 18:09 - 09196032 ___SH C:\Users\mel\Desktop\Thumbs.db
2015-11-27 11:25 - 2015-10-18 18:11 - 00001847 _____ C:\Users\mel\Desktop\wulf -Externe-festplatte - Verknüpfung.lnk
2015-11-15 10:31 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-14 08:37 - 2014-07-16 17:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 08:32 - 2013-11-15 16:01 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-08-07 22:15 - 2015-12-11 11:40 - 0014336 _____ () C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 11:28 - 2014-09-30 18:40 - 0004096 _____ () C:\Users\mel\AppData\Local\keyfile3.drm
2015-11-30 14:09 - 2015-11-30 14:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-11-13 16:08 - 2013-11-13 16:09 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-11-13 16:09 - 2013-11-13 16:10 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-13 16:04 - 2013-11-13 16:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-13 16:02 - 2013-11-13 16:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-13 16:07 - 2013-11-13 16:08 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-11-13 16:02 - 2013-11-13 16:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-11-13 16:06 - 2013-11-13 16:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-10 19:15 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015 durchgeführt von mel (2015-12-12 11:13:56) Gestartet von C:\Users\mel\Desktop Windows 10 Home (X64) (2015-11-30 17:17:38) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-584950875-1343600559-1796236776-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-584950875-1343600559-1796236776-503 - Limited - Disabled) Gast (S-1-5-21-584950875-1343600559-1796236776-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-584950875-1343600559-1796236776-1004 - Limited - Enabled) mel (S-1-5-21-584950875-1343600559-1796236776-1002 - Administrator - Enabled) => C:\Users\mel UpdatusUser (S-1-5-21-584950875-1343600559-1796236776-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B} AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 2015 (HKLM-x32\...\{4209F371-3276-A8F7-B851-845A83732AB4}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG) Browsing Secure (HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\BrowsingSecure) (Version: - BrowsingSecure) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: - Canon Inc.) Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc) FinePrint (HKLM\...\FinePrint) (Version: 8.11 - FinePrint Software, LLC) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.) Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 
3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.08.00 - Huawei Technologies Co.,Ltd) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) 
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation) NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation) paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
sv.net (HKLM-x32\...\sv.net) (Version: 15.1 - ITSG GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated) TuneUp Utilities 2014 (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Web Companion (HKLM-x32\...\{21869846-65a9-4ae4-ae5c-fa1e2a47c5ba}) (Version: 2.1.1199.2443 - Lavasoft) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 30-11-2015 20:33:29 Uniblue PC Mechanic installation 07-12-2015 14:45:30 Windows Modules Installer ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2015-11-02 00:29 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0203F563-4605-48CE-AFA0-C8C0D073E83A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {04BAC4EB-EDC5-4784-A783-2953F5146DC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {0AEFA5BC-047B-4085-B9B4-3229CE88D885} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {1260C276-6B34-494C-B028-CBDBF3BB4579} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {1D574F6F-52FE-4991-BAF4-DDD02814F5CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {2605EDBC-C9A2-4514-930E-4D2959987E8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {2FD74334-CC8E-45D6-9B4C-F3104FC42794} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {473391CD-C37F-47AA-AA72-C293432ADC3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {4A6F92D1-AB38-4D1F-A2E8-B397C3CDE5B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {64BF7EC6-CC6F-4494-B3E8-23A512572B3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) 
Task: {6C51E56C-0019-4373-883C-2797A29B204F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {71A3F48A-ECE5-461C-A274-005704136F63} - System32\Tasks\Browsing Secure Updater => C:\WINDOWS\system32\wscript.exe [2015-10-30] (Microsoft Corporation) Task: {75C9E233-80C7-4E14-85DC-B445EAEF43C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {85568642-77FF-40D9-9688-37AE788BFA52} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {8D2F46E8-BD37-4EC3-B19D-D1BC7F718F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {9883592A-F260-46CB-93C2-350F69843A9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {C5B2A2F1-8535-4DF9-BD99-0B58063B8511} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-06-16] (TuneUp Software) Task: {D7AF3D8F-B924-4E5A-ADE5-F6B2CE7910AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd) Task: {F0CDC72C-09A3-4501-ACE8-5264C0BD3C5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com <==== ACHTUNG ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-11-05 11:52 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll 2015-11-05 11:52 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll 2013-10-28 03:02 - 2013-10-28 03:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2015-02-05 00:24 - 2015-02-05 00:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-11-30 18:54 - 2015-11-30 18:54 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-11-30 18:54 - 2015-11-30 18:54 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-11-30 18:54 - 2015-11-30 18:54 - 00023824 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 00591360 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll 2015-12-10 09:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-12-10 09:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-12-10 09:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-12-10 09:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-12-10 09:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-11-15 16:39 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\webcompanion.com -> hxxp://webcompanion.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-584950875-1343600559-1796236776-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "CanonMyPrinter" HKLM\...\StartupApproved\Run: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run: => "IntelliPoint" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "YouCam Service" HKLM\...\StartupApproved\Run32: => "BTMTrayAgent" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "Nvtmru" HKLM\...\StartupApproved\Run32: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "AppLauncher" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Mobile Partner" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "!DefaultSetup" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Web Companion" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "OneDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die 
Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{622D834C-1142-48F8-A529-F21031CEFA35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B84FB0BC-7BFC-436C-8A4F-B46FA6E8C216}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{2473D294-E314-4539-B98E-BE5D7954EDA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{1924D0C4-B7FE-4BBD-B224-ED70D683CBF1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{DDAFEAA6-701A-4EF4-85AC-03714C95D7AB}] => (Allow) LPort=1900 FirewallRules: [{E3E15ABE-7E25-46C3-B74C-A8ECEFE11768}] => (Allow) LPort=2869 FirewallRules: [{25A0087E-A324-4CD1-B43C-A00645ACB95D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{7E049A2E-B2DF-4709-AD14-6F2ED864A133}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A9BFB1E9-D569-44EA-AF31-55A7547AA540}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AD3D86C8-9D08-4282-B600-06D66D58F91E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{BD8567CD-18AF-4F3B-9890-47FAD209DC7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{7C57A8A5-6887-4930-B692-5BDA66AD2CE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe FirewallRules: [{8C8323B7-A320-497D-AA70-C0FD492FAAC6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe FirewallRules: [{77936D80-6A89-494F-A543-3C0D774614C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: 
[{6AE7B4B4-D8EC-4095-9EDE-1D0407493CB4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: 3D-Videocontroller Description: 3D-Videocontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Intel(R) Wireless Bluetooth(R) Description: Intel(R) Wireless Bluetooth(R) Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Intel Corporation Service: BTHUSB Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/12/2015 08:54:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAX) Description: Bei der Aktivierung der App „Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen“ ist folgender Fehler aufgetreten: -2144980991. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Systemfehler: ============= Error: (12/12/2015 11:08:27 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/12/2015 11:03:01 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/12/2015 11:02:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_50c58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/12/2015 11:02:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _50c58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/12/2015 11:02:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_50c58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/12/2015 11:02:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_50c58" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (12/12/2015 09:18:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/12/2015 08:55:27 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/12/2015 12:53:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 10:42:19 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} CodeIntegrity: =================================== Date: 2015-12-08 07:17:36.441 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 14:41:55.725 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 14:32:00.067 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 14:08:00.902 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz Prozentuale Nutzung des RAM: 25% Installierter physikalischer RAM: 8100.68 MB Verfügbarer physikalischer RAM: 6013.72 MB Summe virtueller Speicher: 9380.68 MB Verfügbarer virtueller Speicher: 7234.93 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:869.36 GB) (Free:588.12 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.19 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: F2E9FFFD) Partition: GPT. ==================== Ende von Addition.txt ============================ |
13.12.2015, 02:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Word and Explorer stop responding to input Remove adware/junkware/toolbars Step 1: Malwarebytes Please download Malwarebytes Anti-Malware
(delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!) Step 2: adwCleaner Please download AdwCleaner to your desktop.
Step 3: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 4: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
14.12.2015, 22:13 | #13 |
| Word and Explorer stop responding to input Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 14.12.2015 Suchlaufzeit: 10:25 Protokolldatei: MEDION.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.14.02 Rootkit-Datenbank: v2015.12.07.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: mel Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 391397 Abgelaufene Zeit: 21 Min., 50 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 10 Home x64 Ran by mel (Administrator) on 14.12.2015 at 16:58:41,57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 5 Failed to delete: C:\Program Files (x86)\lavasoft\web companion (Folder) Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder) Successfully deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014.lnk (Shortcut) Successfully deleted: C:\Users\mel\AppData\Roaming\lavasoft\web companion (Folder) Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.12.2015 at 17:00:50,67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015 durchgeführt von mel (Administrator) auf MAX (14-12-2015 17:04:23) Gestartet von C:\Users\mel\Desktop Geladene Profile: mel (Verfügbare Profile: UpdatusUser & mel) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1064592 2015-07-23] (NVIDIA Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {30bc08ef-678c-11e5-841d-2025641469ab} - "F:\AutoRun.exe" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\MountPoints2: {8bec7754-5d3a-11e4-8320-0c8bfda662b9} - "F:\AutoRun.exe" BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0d0e76c8-2e8a-44b8-82c7-6b4e6d257ecf}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2d7d7085-9498-4093-ac34-2dbfd52ed2f0}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{504e0c1a-a790-427e-b99e-99bec4d7cc87}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{c581e33f-e410-4f83-a9d0-0481b4df653d}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{fdfbb685-c9d4-4e82-af11-e0804c033362}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-584950875-1343600559-1796236776-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-584950875-1343600559-1796236776-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) Toolbar: HKU\S-1-5-21-584950875-1343600559-1796236776-1002 -> Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab) FireFox: ======== FF ProfilePath: C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277 FF DefaultSearchEngine: DuckDuckGo FF Homepage: hxxps://communicator.strato.de/ox6/ox.html# hxxps://login.yahoo.com/?.src=ym&.intl=de&.lang=de-DE&.done=https%3a//mail.yahoo.com about:newtab FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] 
(Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation) FF Extension: BetterPrivacy - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-29] FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-02] FF Extension: Adblock Plus - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\jmma439x.default-1445013746277\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox FF HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-28] (Kaspersky Lab ZAO) S4 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) S4 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [363432 2015-10-06] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-11-30] (Lavasoft Limited) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-28] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated) S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software) S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO) S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [123640 2015-08-30] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-20] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-28] (AO Kaspersky Lab) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-20] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO) R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.) 
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider) R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-14 17:04 - 2015-12-14 17:05 - 00016512 _____ C:\Users\mel\Desktop\FRST.txt 2015-12-14 17:01 - 2015-12-14 17:03 - 02369536 _____ (Farbar) C:\Users\mel\Desktop\FRST64.exe 2015-12-14 17:00 - 2015-12-14 17:00 - 00000988 _____ C:\Users\mel\Desktop\JRT.txt 2015-12-14 12:52 - 2015-07-23 02:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2015-12-14 12:52 - 2015-07-23 01:44 - 00572048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2015-12-14 11:33 - 2015-12-14 11:33 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-12-14 11:32 - 2015-12-14 11:33 - 00343472 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-14 11:19 - 2015-12-14 11:19 - 01740288 _____ C:\Users\mel\Desktop\AdwCleaner_5.025.exe 2015-12-13 19:03 - 2015-12-13 19:12 - 01599336 _____ (Malwarebytes) C:\Users\mel\Desktop\JRT.exe 2015-12-13 11:46 - 2015-12-13 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-13 11:46 - 2015-12-13 11:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-13 11:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-13 11:46 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-13 11:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-13 11:44 - 2015-12-13 11:45 - 22908888 _____ (Malwarebytes ) C:\Users\mel\Desktop\mbam-setup-2.2.0.1024.exe 2015-12-11 11:50 - 2015-12-11 11:50 - 00863631 _____ C:\Users\mel\Desktop\n.mp4 2015-12-11 11:48 - 2015-12-11 11:48 - 00066621 _____ C:\Users\mel\Desktop\Mein Film.mp4 2015-12-11 11:45 - 2015-12-11 11:52 - 00002687 _____ C:\Users\mel\Desktop\Mein Film.wlmp 2015-12-11 11:06 - 2015-12-08 10:53 - 19987776 _____ C:\Users\mel\Desktop\MVI_9740.AVI 2015-12-11 11:05 - 2015-12-11 11:07 - 00000000 ____D C:\Users\mel\Desktop\bilder 2015-12-10 
09:33 - 2015-12-10 10:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-12-10 09:33 - 2015-12-10 09:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-12-10 09:33 - 2015-12-10 09:33 - 00001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-12-10 09:33 - 2015-12-10 09:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2015-12-10 09:33 - 2015-12-10 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-12-10 09:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2015-12-09 22:02 - 2015-12-09 22:02 - 09498816 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2015-12-06 11:58 - 2015-12-06 12:00 - 00282106 _____ C:\TDSSKiller.3.1.0.7_06.12.2015_11.58.18_log.txt 2015-12-06 11:58 - 2015-12-06 11:58 - 00000434 _____ C:\TDSSKiller.3.1.0.5_06.12.2015_11.58.08_log.txt 2015-12-06 09:35 - 2015-12-06 09:35 - 00001120 _____ C:\Users\mel\Desktop\kai - Verknüpfung.lnk 2015-12-03 09:27 - 2015-12-03 09:27 - 00008436 _____ C:\Users\mel\Documents\cc_20151203_092729.reg 2015-12-03 08:25 - 2015-08-21 20:18 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys 2015-12-03 08:19 - 2015-12-03 08:19 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2015-12-02 13:01 - 2015-12-02 13:01 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys 2015-12-02 07:15 - 2015-12-02 07:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-12-01 19:56 - 2015-12-01 19:56 - 00033608 _____ C:\Users\mel\Documents\cc_20151201_195650.reg 2015-11-30 22:23 - 2015-11-30 22:23 - 00001583 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2015).lnk 2015-11-30 22:23 - 2015-11-30 22:23 - 00001347 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2015.lnk 2015-11-30 22:15 - 2015-11-30 22:17 - 00008144 
_____ C:\TDSSKiller.3.1.0.7_30.11.2015_22.15.11_log.txt 2015-11-30 22:14 - 2015-11-30 22:14 - 00000434 _____ C:\TDSSKiller.3.1.0.5_30.11.2015_22.14.04_log.txt 2015-11-30 19:08 - 2015-12-01 21:33 - 00000000 ____D C:\ProgramData\Avg 2015-11-30 19:08 - 2015-11-30 22:11 - 00000000 ____D C:\Users\mel\AppData\Local\AvgSetupLog 2015-11-30 19:08 - 2015-11-30 19:08 - 00000000 ____D C:\Users\mel\AppData\Local\Avg 2015-11-30 19:05 - 2015-11-30 19:05 - 00000000 ____D C:\Users\mel\AppData\Local\NetworkTiles 2015-11-30 18:55 - 2015-12-03 08:31 - 00002162 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-11-30 18:55 - 2015-11-30 18:55 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-11-30 18:55 - 2015-11-30 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-11-30 18:55 - 2015-11-30 18:55 - 00000000 ____D C:\Program Files\CCleaner 2015-11-30 18:54 - 2015-12-14 16:59 - 00000000 ____D C:\Users\mel\AppData\Roaming\Lavasoft 2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\Users\mel\AppData\Local\Lavasoft 2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-11-30 18:54 - 2015-11-30 18:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2015-11-30 18:53 - 2015-12-14 16:59 - 00000000 ____D C:\ProgramData\Lavasoft 2015-11-30 18:44 - 2015-11-30 18:44 - 00000000 ____D C:\Users\mel\AppData\Local\MicrosoftEdge 2015-11-30 18:23 - 2015-11-30 18:23 - 00002385 _____ C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-11-30 18:23 - 2015-11-30 18:23 - 00000000 ___RD C:\Users\mel\OneDrive 2015-11-30 18:23 - 2015-11-30 18:23 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2015-11-30 18:21 - 2015-11-30 18:21 - 00000000 ____D C:\Users\mel\AppData\Local\ActiveSync 2015-11-30 18:20 - 2015-11-30 18:20 - 00000000 ____D C:\Users\mel\AppData\Local\Publishers 2015-11-30 18:19 - 2015-11-30 18:19 - 00000000 ____D C:\Users\mel\AppData\Local\Comms 
2015-11-30 18:19 - 2015-11-30 18:19 - 00000000 ____D C:\ProgramData\USOShared 2015-11-30 18:18 - 2015-11-30 18:18 - 00000020 ___SH C:\Users\mel\ntuser.ini 2015-11-30 18:18 - 2015-11-30 18:18 - 00000000 ____D C:\Users\mel\AppData\Local\TileDataLayer 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Vorlagen 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default 
User\Documents\Eigene Bilder 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Programme 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Vorlagen 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Startmenü 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Dokumente 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2015-11-30 14:45 - 2015-11-30 14:45 - 00000000 _SHDL C:\Dokumente und Einstellungen 2015-11-30 14:41 - 2015-11-30 14:41 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-11-30 14:40 - 2015-12-14 11:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-30 14:30 - 2015-12-14 12:49 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-30 14:21 - 2015-11-30 14:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-11-30 14:15 - 2015-11-30 14:15 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-11-30 14:12 - 2015-12-09 22:21 - 00000000 ____D C:\Users\mel 2015-11-30 14:12 - 2015-11-30 14:31 - 00000000 ____D C:\Users\UpdatusUser 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 
2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Videos 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Vorlagen 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Startmenü 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Netzwerkumgebung 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Lokale Einstellungen 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Eigene Dateien 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Druckumgebung 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Documents\Eigene Videos 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Documents\Eigene Musik 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\Documents\Eigene Bilder 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\AppData\Local\Verlauf 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL C:\Users\mel\AppData\Local\Anwendungsdaten 2015-11-30 14:12 - 2015-11-30 14:12 - 00000000 _SHDL 
C:\Users\mel\Anwendungsdaten 2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____D C:\Program Files\Realtek 2015-11-30 14:08 - 2015-11-30 14:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2015-11-30 14:07 - 2015-11-30 14:07 - 00000000 ___HD C:\ProgramData\CanonBJ 2015-11-30 14:06 - 2015-11-30 14:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-11-30 14:06 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-11-30 14:03 - 2015-11-30 18:56 - 00000000 ___DC C:\WINDOWS\Panther 2015-11-30 13:59 - 2015-12-01 17:52 - 00000000 ____D C:\Windows.old 2015-11-30 13:58 - 2015-11-30 13:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files\MSBuild 2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-11-30 13:56 - 2015-11-30 13:56 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-11-30 13:55 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-11-30 13:55 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-11-30 13:55 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-11-30 13:55 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-11-30 13:55 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-11-30 13:55 - 2015-10-23 17:45 - 
00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-11-30 12:44 - 2015-11-30 14:44 - 00013338 _____ C:\WINDOWS\diagwrn.xml 2015-11-30 12:44 - 2015-11-30 14:44 - 00013338 _____ C:\WINDOWS\diagerr.xml 2015-11-27 11:44 - 2015-11-27 11:44 - 00222377 _____ C:\Users\mel\Documents\farbkarte_2009.pdf 2015-11-26 17:01 - 2015-11-26 17:01 - 00187713 _____ C:\Users\mel\Documents\207454_Wulf.pdf 2015-11-22 12:34 - 2015-11-22 12:34 - 00006741 _____ C:\Users\mel\Documents\höger abmeldung.pdf 2015-11-20 13:55 - 2015-11-20 13:55 - 04241007 _____ C:\Users\mel\Documents\sunparadise VG_17-1.pdf 2015-11-20 13:21 - 2015-11-30 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-11-20 13:21 - 2015-11-20 13:21 - 00000000 ____D C:\Program Files\DIFX 2015-11-20 13:20 - 2015-11-20 13:21 - 00000000 ____D C:\Users\mel\AppData\Roaming\Garmin 2015-11-20 13:20 - 2015-11-20 13:21 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-11-18 22:41 - 2015-11-18 22:41 - 00225429 _____ C:\Users\mel\Documents\Verlegeprofile-fuer-VSG-Glas-80-mm.pdf 2015-11-18 22:40 - 2015-11-18 22:40 - 00241377 _____ C:\Users\mel\Documents\Wintergartenprofile_isolierglas_80mm.pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-14 17:04 - 2015-10-15 20:08 - 00000000 ____D C:\FRST 2015-12-14 17:02 - 2014-07-12 19:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-14 16:52 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-14 15:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-14 12:53 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2015-12-14 12:53 - 2014-07-30 10:19 - 00000000 ____D C:\TEMP 2015-12-14 12:53 - 2013-11-26 14:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-12-14 12:53 - 2013-11-26 14:46 - 00000000 ____D C:\ProgramData\NVIDIA 2015-12-14 12:53 - 2013-11-26 14:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-12-14 12:53 - 2013-11-26 14:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-12-14 12:49 - 2015-10-30 19:35 - 00777804 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-14 12:49 - 2015-10-30 19:35 - 00156080 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-14 12:46 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2015-12-14 11:42 - 2014-07-09 12:32 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E0E2EEF3-06A2-4B4A-AD68-D8AA0370F1BD} 2015-12-14 11:34 - 2013-11-15 16:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-12-14 11:33 - 2014-08-17 08:10 - 00000000 __SHD C:\Users\mel\IntelGraphicsProfiles 2015-12-14 11:32 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-14 11:26 - 2015-09-14 17:42 - 00000000 ____D C:\AdwCleaner 2015-12-14 10:25 - 2015-10-17 18:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-13 12:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\tracing 2015-12-13 11:46 - 2015-10-20 11:39 - 00000000 ____D C:\Users\mel\Desktop\viren 2015-12-13 11:46 - 2015-10-17 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-13 00:44 - 2015-11-05 07:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-11 11:58 - 2014-11-24 20:25 - 00000000 ____D 
C:\Users\mel\Documents\FinePrint-Dateien 2015-12-11 11:40 - 2014-08-07 22:15 - 00014336 _____ C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-12-10 14:14 - 2014-07-09 12:22 - 00000000 ____D C:\Users\mel\AppData\Local\Packages 2015-12-10 11:21 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-09 22:02 - 2014-07-12 19:41 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-08 09:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-07 18:42 - 2015-09-26 23:26 - 00000000 ____D C:\Users\mel\Desktop\alles 2015-12-06 12:31 - 2015-10-17 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-12-06 09:36 - 2015-04-17 10:13 - 00000000 ___RD C:\Users\mel\kai 2015-12-02 17:50 - 2015-05-26 18:17 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-12-02 14:06 - 2014-10-27 08:08 - 01490944 _____ C:\WINDOWS\system32\wdfcoinstaller01007.dll 2015-11-30 22:47 - 2013-11-13 15:56 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2015-11-30 22:46 - 2015-01-04 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2015-11-30 22:23 - 2013-11-13 15:58 - 00000000 ____D C:\ProgramData\ashampoo 2015-11-30 20:49 - 2015-10-15 07:41 - 00002904 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini 2015-11-30 20:49 - 2015-10-15 07:41 - 00002904 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini 2015-11-30 19:21 - 2014-07-09 12:26 - 00000000 __RDO C:\Users\mel\SkyDrive 2015-11-30 19:08 - 2014-07-18 11:41 - 00000974 _____ C:\Users\mel\Desktop\RegCleaner.lnk 2015-11-30 18:54 - 2015-10-15 07:40 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll 2015-11-30 18:54 - 2015-10-15 07:40 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll 2015-11-30 18:37 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-11-30 18:19 - 2015-10-30 08:24 
- 00000000 ___RD C:\WINDOWS\PrintDialog 2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-11-30 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate 2015-11-30 18:18 - 2014-07-09 14:17 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-11-30 14:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2015-11-30 14:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-11-30 14:45 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT 2015-11-30 14:44 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-11-30 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration 2015-11-30 14:41 - 2015-01-20 18:33 - 00002076 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe 2015-11-30 14:41 - 2014-07-09 14:12 - 00002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-584950875-1343600559-1796236776-500 2015-11-30 14:41 - 2014-07-09 12:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-584950875-1343600559-1796236776-1002 2015-11-30 14:32 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media 2015-11-30 14:32 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries 2015-11-30 14:30 - 2013-11-15 16:34 - 01829522 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-11-30 14:24 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-30 14:24 - 2015-09-28 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-11-30 14:24 - 2015-09-27 09:13 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UNAV 2015-11-30 14:24 - 2015-09-10 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet 2015-11-30 14:24 - 2015-05-26 17:59 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7100 series Manual 2015-11-30 14:24 - 2015-05-26 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7100 series Benutzerregistrierung 2015-11-30 14:24 - 2015-04-28 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-11-30 14:24 - 2015-03-04 09:22 - 00000000 ____D C:\WINDOWS\de 2015-11-30 14:24 - 2015-01-20 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus 2015-11-30 14:24 - 2015-01-05 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter 2015-11-30 14:24 - 2015-01-04 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-11-30 14:24 - 2014-12-04 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2015-11-30 14:24 - 2014-11-14 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-11-30 14:24 - 2014-11-09 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-11-30 14:24 - 2014-08-20 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-30 14:24 - 2014-08-10 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2015-11-30 14:24 - 2014-07-23 18:18 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-11-30 14:24 - 2014-07-18 11:46 - 00000000 ____D C:\Users\mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FinePrint 2015-11-30 14:24 - 2014-07-16 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-30 14:24 - 2014-07-09 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-11-30 14:24 - 2013-11-26 14:54 - 00000000 ____D C:\Program Files\Dolby Digital Plus 2015-11-30 14:24 - 
2013-11-26 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-30 14:24 - 2013-11-15 16:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-11-30 14:24 - 2013-11-13 16:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema 2015-11-30 14:24 - 2013-09-20 11:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\tr 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\sv 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\sl 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\pl 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\nl 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\it 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\hu 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\fr 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\fi 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\es 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\el 2015-11-30 14:24 - 2013-09-13 08:15 - 00000000 ____D C:\WINDOWS\da 2015-11-30 14:24 - 2013-08-22 21:57 - 00000000 ____D C:\WINDOWS\en-GB 2015-11-30 14:21 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated 2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool 2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-11-30 14:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-11-30 14:18 - 2014-07-20 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\%Report% 2015-11-30 14:18 - 2013-11-15 17:10 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles 2015-11-30 14:18 - 2013-11-15 17:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-11-30 14:18 
- 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-11-30 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-11-30 14:16 - 2015-10-30 19:44 - 00000000 ____D C:\WINDOWS\ShellNew 2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\InputMethod 2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME 2015-11-30 14:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help 2015-11-30 14:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2015-11-30 14:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-11-30 14:15 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-11-30 14:15 - 2015-05-26 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-11-30 14:15 - 2015-03-30 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2015-11-30 14:15 - 2013-11-15 16:34 - 00000000 ____D C:\Program Files\Intel 2015-11-30 14:15 - 2013-11-15 16:24 - 00000000 ____D C:\Program Files (x86)\Intel 2015-11-30 14:11 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-11-30 14:04 - 2015-10-30 19:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2015-11-30 14:03 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-11-30 13:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-11-30 13:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-11-30 12:44 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT 2015-11-30 08:51 - 2014-07-11 18:09 - 09196032 ___SH C:\Users\mel\Desktop\Thumbs.db 2015-11-27 11:25 - 2015-10-18 18:11 - 00001847 _____ C:\Users\mel\Desktop\wulf -Externe-festplatte - Verknüpfung.lnk 2015-11-15 10:31 - 2013-08-22 16:36 - 00000000 
___RD C:\WINDOWS\ToastData 2015-11-14 08:37 - 2014-07-16 17:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-14 08:32 - 2013-11-15 16:01 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-07 22:15 - 2015-12-11 11:40 - 0014336 _____ () C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-18 11:28 - 2014-09-30 18:40 - 0004096 _____ () C:\Users\mel\AppData\Local\keyfile3.drm 2015-11-30 14:09 - 2015-11-30 14:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-11-13 16:08 - 2013-11-13 16:09 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log 2013-11-13 16:09 - 2013-11-13 16:10 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-11-13 16:04 - 2013-11-13 16:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-11-13 16:02 - 2013-11-13 16:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-11-13 16:07 - 2013-11-13 16:08 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log 2013-11-13 16:02 - 2013-11-13 16:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log 2013-11-13 16:06 - 2013-11-13 16:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-10 19:15

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-12-2015
durchgeführt von mel (2015-12-14 17:05:33)
Gestartet von C:\Users\mel\Desktop
Windows 10 Home (X64) (2015-11-30 17:17:38)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-584950875-1343600559-1796236776-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-584950875-1343600559-1796236776-503 - Limited - Disabled)
Gast (S-1-5-21-584950875-1343600559-1796236776-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-584950875-1343600559-1796236776-1004 - Limited - Enabled)
mel (S-1-5-21-584950875-1343600559-1796236776-1002 - Administrator - Enabled) => C:\Users\mel
UpdatusUser (S-1-5-21-584950875-1343600559-1796236776-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2015 (HKLM-x32\...\{4209F371-3276-A8F7-B851-845A83732AB4}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
FinePrint (HKLM\...\FinePrint) (Version: 8.11 - FinePrint Software, LLC)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.08.00 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA 3D Vision Treiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
sv.net (HKLM-x32\...\sv.net) (Version: 15.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Companion (HKLM-x32\...\{21869846-65a9-4ae4-ae5c-fa1e2a47c5ba}) (Version: 2.1.1199.2443 - Lavasoft)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

30-11-2015 20:33:29 Uniblue PC Mechanic installation
07-12-2015 14:45:30 Windows Modules Installer
13-12-2015 09:50:03 Uniblue DriverScanner installation
13-12-2015 19:13:06 JRT Pre-Junkware Removal
14-12-2015 16:58:49 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-11-02 00:29 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0203F563-4605-48CE-AFA0-C8C0D073E83A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {04BAC4EB-EDC5-4784-A783-2953F5146DC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {0AEFA5BC-047B-4085-B9B4-3229CE88D885} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {1260C276-6B34-494C-B028-CBDBF3BB4579} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1D574F6F-52FE-4991-BAF4-DDD02814F5CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {2605EDBC-C9A2-4514-930E-4D2959987E8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2FD74334-CC8E-45D6-9B4C-F3104FC42794} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {473391CD-C37F-47AA-AA72-C293432ADC3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {4A6F92D1-AB38-4D1F-A2E8-B397C3CDE5B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {64BF7EC6-CC6F-4494-B3E8-23A512572B3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6C51E56C-0019-4373-883C-2797A29B204F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {71A3F48A-ECE5-461C-A274-005704136F63} - \Browsing Secure Updater -> Keine Datei <==== ACHTUNG
Task: {75C9E233-80C7-4E14-85DC-B445EAEF43C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {85568642-77FF-40D9-9688-37AE788BFA52} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8D2F46E8-BD37-4EC3-B19D-D1BC7F718F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {9883592A-F260-46CB-93C2-350F69843A9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {D7AF3D8F-B924-4E5A-ADE5-F6B2CE7910AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {F0CDC72C-09A3-4501-ACE8-5264C0BD3C5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com <==== ACHTUNG ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-11-05 11:52 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll 2015-11-05 11:52 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll 2013-10-28 03:02 - 2013-10-28 03:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2015-02-05 00:24 - 2015-02-05 00:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-10-30 08:17 - 2015-10-30 08:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll 2015-12-10 09:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-12-10 09:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-12-10 09:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-12-10 09:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-12-10 09:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-11-15 16:39 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\localhost -> localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-584950875-1343600559-1796236776-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run: => "BTMTrayAgent" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "CanonMyPrinter" HKLM\...\StartupApproved\Run: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run: => "IntelliPoint" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "YouCam Service" HKLM\...\StartupApproved\Run32: => "BTMTrayAgent" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "Nvtmru" HKLM\...\StartupApproved\Run32: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "AppLauncher" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Mobile Partner" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "!DefaultSetup" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "CCleaner 
Monitoring" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "Web Companion" HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\StartupApproved\Run: => "OneDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{622D834C-1142-48F8-A529-F21031CEFA35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B84FB0BC-7BFC-436C-8A4F-B46FA6E8C216}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{2473D294-E314-4539-B98E-BE5D7954EDA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{1924D0C4-B7FE-4BBD-B224-ED70D683CBF1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{DDAFEAA6-701A-4EF4-85AC-03714C95D7AB}] => (Allow) LPort=1900 FirewallRules: [{E3E15ABE-7E25-46C3-B74C-A8ECEFE11768}] => (Allow) LPort=2869 FirewallRules: [{25A0087E-A324-4CD1-B43C-A00645ACB95D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{7E049A2E-B2DF-4709-AD14-6F2ED864A133}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A9BFB1E9-D569-44EA-AF31-55A7547AA540}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AD3D86C8-9D08-4282-B600-06D66D58F91E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{BD8567CD-18AF-4F3B-9890-47FAD209DC7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 
FirewallRules: [{7C57A8A5-6887-4930-B692-5BDA66AD2CE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe FirewallRules: [{8C8323B7-A320-497D-AA70-C0FD492FAAC6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe FirewallRules: [{77936D80-6A89-494F-A543-3C0D774614C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{6AE7B4B4-D8EC-4095-9EDE-1D0407493CB4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: NVIDIA GeForce 825M Description: NVIDIA GeForce 825M Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: nvlddmkm Problem: : This device cannot work properly until you restart your computer. (Code14) Resolution: Restart your computer. Name: Intel(R) Wireless Bluetooth(R) Description: Intel(R) Wireless Bluetooth(R) Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Intel Corporation Service: BTHUSB Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/14/2015 04:59:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (12/14/2015 02:21:06 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/14/2015 02:16:31 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/14/2015 12:46:21 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/14/2015 12:45:59 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/14/2015 11:42:13 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
Error: (12/14/2015 11:33:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632d193 Ausnahmecode: 0xc0000008 Fehleroffset: 0x00000000000a88ea ID des fehlerhaften Prozesses: 0xa6c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0 Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1 Pfad des fehlerhaften Moduls: svchost.exe_stisvc2 Berichtskennung: svchost.exe_stisvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5 Systemfehler: ============= Error: (12/14/2015 04:59:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/14/2015 04:53:05 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/14/2015 03:38:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/14/2015 03:24:07 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/14/2015 03:21:58 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/14/2015 03:20:46 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT) Description: Für den Miniport "HUAWEI Mobile Connect - Network Card #3, {FDFBB685-C9D4-4E82-AF11-E0804C033362}" ist das Ereignis "74" aufgetreten. 
Error: (12/14/2015 02:58:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/14/2015 02:52:35 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT) Description: Für den Miniport "HUAWEI Mobile Connect - Network Card #3, {FDFBB685-C9D4-4E82-AF11-E0804C033362}" ist das Ereignis "74" aufgetreten. Error: (12/14/2015 02:46:57 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/14/2015 02:46:53 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT) Description: Für den Miniport "HUAWEI Mobile Connect - Network Card #3, {FDFBB685-C9D4-4E82-AF11-E0804C033362}" ist das Ereignis "74" aufgetreten. CodeIntegrity: =================================== Date: 2015-12-08 07:17:36.441 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 14:41:55.725 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 14:32:00.067 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 14:08:00.902 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz Prozentuale Nutzung des RAM: 46% Installierter physikalischer RAM: 8100.68 MB Verfügbarer physikalischer RAM: 4304.2 MB Summe virtueller Speicher: 9380.68 MB Verfügbarer virtueller Speicher: 2078.29 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:869.36 GB) (Free:585.74 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.19 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: F2E9FFFD) Partition: GPT. ==================== Ende von Addition.txt ============================
I forgot something. Code:
ATTFilter # AdwCleaner v5.025 - Bericht erstellt am 14/12/2015 um 22:10:00 # Aktualisiert am 13/12/2015 von Xplode # Datenbank : 2015-12-13.2 [Server] # Betriebssystem : Windows 10 Home (x64) # Benutzername : mel - MAX # Gestartet von : C:\Users\mel\Desktop\AdwCleaner_5.025.exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** ########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [609 Bytes] ########## |
15.12.2015, 23:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Word and Explorer no longer respond to input FRST-Fix Please disable your virus scanner completely now, to make sure that the fix runs cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-584950875-1343600559-1796236776-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG FF HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\extensions\cliqz@cliqz.com => nicht gefunden Task: {0AEFA5BC-047B-4085-B9B4-3229CE88D885} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {1260C276-6B34-494C-B028-CBDBF3BB4579} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {1D574F6F-52FE-4991-BAF4-DDD02814F5CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {2605EDBC-C9A2-4514-930E-4D2959987E8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {2FD74334-CC8E-45D6-9B4C-F3104FC42794} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {473391CD-C37F-47AA-AA72-C293432ADC3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {6C51E56C-0019-4373-883C-2797A29B204F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {71A3F48A-ECE5-461C-A274-005704136F63} - \Browsing Secure Updater -> Keine Datei <==== ACHTUNG Task: {85568642-77FF-40D9-9688-37AE788BFA52} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {8D2F46E8-BD37-4EC3-B19D-D1BC7F718F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {9883592A-F260-46CB-93C2-350F69843A9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {F0CDC72C-09A3-4501-ACE8-5264C0BD3C5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com <==== ACHTUNG C:\Windows.old emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
18.12.2015, 21:56 | #15 |
| Word and Explorer no longer respond to input Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-12-2015 durchgeführt von mel (2015-12-18 21:48:10) Run:2 Gestartet von C:\Users\mel\Desktop Geladene Profile: mel (Verfügbare Profile: UpdatusUser & mel) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-584950875-1343600559-1796236776-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG FF HKU\S-1-5-21-584950875-1343600559-1796236776-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ofeodm54.default\extensions\cliqz@cliqz.com => nicht gefunden Task: {0AEFA5BC-047B-4085-B9B4-3229CE88D885} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {1260C276-6B34-494C-B028-CBDBF3BB4579} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {1D574F6F-52FE-4991-BAF4-DDD02814F5CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {2605EDBC-C9A2-4514-930E-4D2959987E8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {2FD74334-CC8E-45D6-9B4C-F3104FC42794} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {473391CD-C37F-47AA-AA72-C293432ADC3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {6C51E56C-0019-4373-883C-2797A29B204F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {71A3F48A-ECE5-461C-A274-005704136F63} - \Browsing Secure Updater -> Keine Datei <==== ACHTUNG Task: {85568642-77FF-40D9-9688-37AE788BFA52} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {8D2F46E8-BD37-4EC3-B19D-D1BC7F718F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: 
{9883592A-F260-46CB-93C2-350F69843A9A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {F0CDC72C-09A3-4501-ACE8-5264C0BD3C5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com <==== ACHTUNG C:\Windows.old emptytemp: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel nicht gefunden. HKU\S-1-5-21-584950875-1343600559-1796236776-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel nicht gefunden. HKU\S-1-5-21-584950875-1343600559-1796236776-1002\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Wert nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEFA5BC-047B-4085-B9B4-3229CE88D885} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1260C276-6B34-494C-B028-CBDBF3BB4579} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D574F6F-52FE-4991-BAF4-DDD02814F5CC} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2605EDBC-C9A2-4514-930E-4D2959987E8B} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FD74334-CC8E-45D6-9B4C-F3104FC42794} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{473391CD-C37F-47AA-AA72-C293432ADC3E} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C51E56C-0019-4373-883C-2797A29B204F} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A3F48A-ECE5-461C-A274-005704136F63} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browsing Secure Updater => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85568642-77FF-40D9-9688-37AE788BFA52} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D2F46E8-BD37-4EC3-B19D-D1BC7F718F6C} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9883592A-F260-46CB-93C2-350F69843A9A} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0CDC72C-09A3-4501-ACE8-5264C0BD3C5F} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel nicht gefunden. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk => Verknüpfung Eigenschaft erfolgreich entfernt. "C:\Windows.old" => nicht gefunden. EmptyTemp: => 87.3 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 21:48:18 ==== |